Negotiation chat with different groups

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

  • 20240429 – 3 message(s) view chat
  • 20250203 - from @RakeshKrish12 – 36 message(s) view chat

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Victim
> hi how much for decryption?

Akira
> Hello. You've reached an Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get a response you will be provided with all the details.

Victim
> yes

Akira
> List.7z // 141 KB

Akira
> These files were taken from your network prior to encryption. You can pick 2-3 random files up to 10 MB each from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back. We're looking through your financial papers to come up with a reasonable demand to you. We offer:
> 1) full decryption assistance;
> 2) evidence of data removal;
> 3) security report on vulnerabilities we found;
> 4) guarantees not to publish or sell your data;
> 5) guarantees not to attack you in the future.
>
> Let me know whether you're interested in a whole deal or in parts. This will affect the final price.

Victim
> we need the decryptor. evidence of data removal, and guarantee to not publish or sell data

Akira
> We will let you know the price soon.

Akira
> We're willing to set a $600,000 price for ALL the services we offer. We accept payments in BTC. To gain bitcoins you need to go to any exchange platform as binance or coinbase. Here are the guides:
> https://www.coinbase.com/how-to-buy/bitcoin
> https://www.binance.com/en/how-to-buy/bitcoin
>
> You also can buy bitcoin from any local brokers. If you withdraw funds from your bank account, then you have to inform the bank that you need this money for investment purposes only. Do you have any file requests?

Akira
> Are you going to work with us?

Victim
> yes. the VMs are encrypted so hard time to get to the file to provide sample.

Victim
> can we give you a directory and file name and you can provide the file as proof of possession?

Akira
> Yes, please do asap.

Victim
> yes, the team is looking at the list to pick out file to show proof of possession.

Akira
> Any success?

Victim
> yes, they are sending directories to me soon and i will send to you.

Victim
> F:\[redacted].com\unpack\[redacted].docx

Victim
> F:\[redacted].com\unpack\[redacted].pdf

Victim
> F:\[redacted].com\unpack\[redacted].csv

Victim
> F:\[redacted].com\unpack\[redacted].html

Victim
> hello? we are ready to work with you for payment.

Akira
> files.rar // 214 KB

Akira
> You can review. Do you want to test our decryption tool before payment?

Victim
> yes, can we test the decryption tool?

Akira
> Sure. Provide the files today.

Akira
> Hello. Have you managed to gather files?

Victim
> sorry. this site was offline for a while

Akira
> Now it is on. Where are the files?

Victim
> how much for just evidence of data deletion and not leaking data?

Victim
> we will pay

Akira
> $320,000 for the rest options.

Victim
> No cyber insurance. Can you work with us? can we do $35,000? We can get you paid today if so.

Akira
> No. You have to be serious. $35,0000 won't work at all. Please reconsider asap.

Victim
> yea. just evidence of deletion and not leaking data. what about $95000?

Akira
> $260,000 if you pay today.

Victim
> we can do $155,000 today.

Akira
> $220,000 today. Here is our BTC wallet [redacted]. Let us know when you are ready to make payment.

Victim
> we can't do 220K. we're already loss of business because you encrypted us and we are shut down. let's get you paid. $160,000 today.

Akira
> Don't tell us stories. $200,000 is the lowest we can accept. Take it or leave it.

Victim
> it's the truth but we want this over with. let's meet in the middle at $180k. say yes and we are sending to [redacted]

Akira
> Guys, we've already reduced the price significantly. $200,000 is the lowest possible.

Victim
> yes and we appreciate it. let me check to make sure we can do that.

Victim
> ok. we are buying the BTC to send over.

Akira
> What's your progress?

Victim
> we'll have it today. delay with bank. we will let you know when we are sending. we will first send a smaller amount to confirm receipt.

Akira
> Standing by. Thank you.

Victim
> still waiting on bank. thank you for your patience

Akira
> Waiting.

Victim
> yep we are still waiting on bank transfers to complete

Akira
> Keep us posted.

Victim
> will do. still waiting on bank

Akira
> Any success?

Victim
> yea, we have the money. purchasing BTC now. can you resend your wallet again? we will send $500 first to make sure you get it. then we will send the rest.

Victim
> $500 sent to [redacted]. Confirm receipt.

Akira
> 0.005 received. You can proceed with the full amount.

Victim
> how will you provide evidence of data deletion?

Victim
> can we get video evidence of data deletion?

Akira
> You will receive a deletion log which means the raid drives that contained the only copy of your data are fully formatted and erased.

Victim
> and guarantee that no data is leaked?

Akira
> Sure. Guarantees will be provided as well. Are you going to send the rest?

Victim
> yes, sending now.

Victim
> the send is under review.

Victim
> rest of the money has been sent over. please provide deletion logs.

Akira
> Received. Please wait.

Akira
> Deletion.7z // 316 KB

Akira
> Initial access to your network was purchased on the dark web. Then kerberoasting was carried out and we got password hashes. Then we just bruted these and got domain admin password. Spending weeks inside of your network we've managed to detect some fails we highly recommend to eliminate:
> 1. None of your employees should open suspicious emails, suspicious links or download any files, much less run them on their computer.
> 2. Use strong passwords, change them as often as possible (1-2 times per month at least). Passwords should not match or be repeated on different resources.
> 3. Install 2FA wherever possible.
> 4. Use the latest versions of operating systems, as they are less vulnerable to attacks.
> 5. Update all software versions.
> 6. Use antivirus solutions and traffic monitoring tools.
> 7. Create a jump host for your VPN. Use unique credentials on it that differ from domain one.
> 8. Use backup software with cloud storage which supports a token key.
> 9. Instruct your employees as often as possible about online safety precautions.
>
> The most vulnerable point is the human factor and the irresponsibility of your employees, system administrators, etc. We wish you safety, calmness and lots of benefits in the future. Thank you for working with us and your careful attitude to your security.

Author

sdgadmin@tux.ovh