Chat

Negotiation chat with different groups

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

  • 058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
  • 05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
  • 29BBE03074FDBB8D – 10 message(s) voir chat
  • 7A313D13EB6B4E58 – 32 message(s) voir chat
  • 89716D29D2CEE36F – 23 message(s) voir chat
  • AB0404E049514B50 – 28 message(s) voir chat
  • BD004D632D87DBA0 – 25 message(s) voir chat
  • C2A3C7249797F5ED – 66 message(s) voir chat
  • C42CDF65B97D0E92 – 30 message(s) voir chat
  • C7CD31EAAF9DE9AC – 71 message(s) voir chat
  • C8479B30418B331E – 4 message(s) voir chat
  • D6DDD9B26D7D41DB – 14 message(s) voir chat
  • FDA8141B6DD392E3 – 10 message(s) voir chat
  • b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

  • 20240429 – 3 message(s) voir chat
  • 20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Victim 2024-09-17T19:33:22.282577Z
hello? there was a readme.txt file with instructions to come to this site. can you please explain what is going on? the files have .dragonforce_encrypted on the end of them and are not opening.
Attacker 2024-09-17T19:36:30.576866Z
Hi, wait.
Attacker 2024-09-17T19:40:36.490148Z
Attachment sent: tree_mastery.zip (3.38 MB)
Attacker 2024-09-17T19:40:55.408331Z
Besides the fact that the files on your network are encrypted, you have also lost some of them. They are with us. Here is a list of them.
Victim 2024-09-17T19:50:03.47268Z
what is this? a list of the files? what do you mean by 'lost'? were they deleted?
Attacker 2024-09-17T19:51:59.904327Z
We have these files. As well as a program to restore information on your computers.
Victim 2024-09-17T20:11:08.559673Z
okay. so in addition to scrambling the files, you also stole files? are the files from this list (the files you stole) still on my computers?
Attacker 2024-09-17T20:12:07.496824Z
Yes, that's right
Victim 2024-09-17T20:14:25.993514Z
all the filenames are scrambled so i don't know what files are what. for proof you can unscramble them, you say you need a certain file type, but i have no idea what files are what on my side.
Victim 2024-09-17T20:14:33.330746Z
what do you want from me??
Attacker 2024-09-17T20:16:41.215838Z
The architecture of the folders with your files is not broken. You can select a small file from a folder whose contents you know, and we will do a test decryption. Examples of such files are described in the rules, they cannot be critical data.
Victim 2024-09-17T20:45:28.928091Z
i will try to guess and find the right files to decode. without the filenames, i simply won't know for sure. can you explain why you attacked me and what you want?
Attacker 2024-09-17T20:50:59.419056Z
You've probably already used Google and know who we are and what we want. We will restore the data from you and delete the data from us after you pay. Otherwise, the data we have will be published. It is often not immediately believed that without payment we will actually publish the data. So check out our blog and make sure we do it.
Victim 2024-09-17T20:57:23.92655Z
i think i understand all of that. but what do you want from me?
Attacker 2024-09-17T20:59:08.506013Z
Money
Victim 2024-09-18T22:41:09.808095Z
here are 3 files from the list you sent me.
Victim 2024-09-18T22:41:21.797589Z
1) [Redacted]20190304.xlsx
Victim 2024-09-18T22:41:28.232985Z
2) [Redacted].msg
Victim 2024-09-18T22:41:34.241647Z
3) [Redacted]23-24.pptx
Attacker 2024-09-19T00:44:57.203938Z
Attachment sent: [Redacted]20190304.xlsx
Attacker 2024-09-19T00:46:36.102356Z
Attachment sent: [Redacted].xlsx (42 KB)
Attacker 2024-09-19T00:46:44.547715Z
Attachment sent: [Redacted].msg (87 KB)
Attacker 2024-09-19T00:46:52.872674Z
Attachment sent: [Redacted]23-24.pptx (3.96 MB)
Victim 2024-09-19T14:39:51.66601Z
does the list of files you sent show all the files you took?
Attacker 2024-09-19T14:46:19.756032Z
Yes
Victim 2024-09-19T18:47:02.367298Z
i have 3 small scrambled files from a windows computer. i have no idea what files they are, but are from a folder that shouldn't have anything important. how do i give these to you to prove to me that you can fix them?
Attacker 2024-09-19T19:01:28.85014Z
You should have uploaded the decryption verification file in the previous step in this dialog. You had instructions on how to do it.
Victim 2024-09-19T19:02:53.602854Z
how do i get back to that step?
Attacker 2024-09-19T19:04:30.173636Z
We have now moved you to this step again. Try refreshing the page.
Victim 2024-09-19T19:24:45.283597Z
okay. i put 1 of the files through
Attacker 2024-09-19T19:26:03.175022Z
You have made sure that we have your files and we have a file recovery tool on your network.
Attacker 2024-09-23T15:55:39.527918Z
Have you already assessed the situation and are ready to discuss payment, or would you like more time? As per our rules, I will need to make an announcement regarding the publication of your data on our blog tomorrow if negotiations continue to drag on.
Victim 2024-09-23T19:18:48.399592Z
What negotiatons? I asked what you want and all you say is money. I'm not sure what I'm missing or should do at this point. I am waiting for you to tell me what you want.
Attacker 2024-09-23T19:22:02.852478Z
Attachment sent: 2023 Form 990 for Mastery Schools.pdf (583 KB)
Attacker 2024-09-23T19:22:21.569084Z
Do you know this document?
Attacker 2024-09-23T19:38:52.85204Z
Usually, for a company of your size, the amount is $2,000,000. But since you are filing tax reports on Form 990, we are ready to reduce it to $950,000. This way you can hide it in the reports and keep the whole incident a secret.
Victim 2024-09-23T19:38:54.493669Z
I know you have my files. You already proved this. What do you want?
Attacker 2024-09-23T19:39:45.841953Z
$950 000
Victim 2024-09-24T18:27:01.313374Z
We are talking through everything and trying to process next steps. Can you confirm for us what we would get if we were to pay you?
Attacker 2024-09-24T18:37:36.518164Z
Read the F.A.Q., there are answers. More specifically, we will not publish your files (we will delete them) you will also receive a decryption program.
Victim 2024-09-27T18:36:14.42272Z
We are meeting next week with finance to see how much we can pay. I'll be back after the weekend. Thanks
Attacker 2024-09-27T18:44:56.378567Z
Okay, i get you. I will turn off the timer until friday next week, to facilitate negotiations. Can you name a day when you will have an answer?
Victim 2024-09-30T15:17:36.873675Z
We are meeting about this now and we simply don't understand why you are asking for so much. Your price is just so high that we honestly don't see anything we can do on our end. We know you have all of our files and know exactly how much money we have, but why ask for more money than you know we have? Paying you seems impossible at such a high amount.
Attacker 2024-09-30T15:39:26.310817Z
Earlier, I sent you the file with your tax records. These are the official documents that you submitted to the tax authorities. They show the amounts of your income and expenses. Is the information you submitted to the tax service unreliable?
Victim 2024-09-30T15:44:50.006559Z
We are a public school. Our "income" isn't normal income like a company. We don't generate revenue and don't have income. We operate on a strict and tight budget.
Attacker 2024-09-30T15:51:29.665726Z
We have reviewed your documentation, not just the file you sent us above. The amount you are being offered is significantly lower than what a commercial organization would receive.
Victim 2024-09-30T16:04:17.818395Z
For that, we are appreciative. I don't mean to be disrespectful or unappreciative, but we just don't have the budget for a massive expense like this. You have all of our documents and can see this. Our athletic department doesn't even have the funds to travel to away sporting events so they are trying to raise funds with bake sales and car washes.
Victim 2024-09-30T16:04:27.912689Z
Listen, I don't want to waste your time. Can you let me know the lowest amount you would be willing to accept so we can see if a payment is even possible?
Attacker 2024-09-30T16:07:01.105724Z
I've given you the amount. Now I expect the amount from you. We will discuss this and eventually come to some figure. It usually happens like this. And if we are not talking about deliberately small amounts, then negotiations can go very quickly, to our mutual satisfaction.
Victim 2024-09-30T16:09:43.006456Z
Okay. We will review the budget and see how much funding we can allocate to this, but please be aware that it won't be much. We also would like to arrive at a mutual agreement. I'll be back
Attacker 2024-09-30T16:12:44.302913Z
Ok
Victim 2024-10-01T16:15:42.369077Z
We think we can pay something around $80,000
Attacker 2024-10-01T17:11:13.949515Z
It seems to me that you misspelled the amount there. Forgot one digit in the number of $800,000
Victim 2024-10-01T18:04:00.508225Z
No, not a typo. We can't offer what we don't have. Anything you can do to make this work?
Attacker 2024-10-01T18:09:19.717396Z
There is one option. You raise the amount to 2 BTC exactly. Now it's about $127,000. And you name the date by which you will pay, if we agree today. And I will try to explain to the management that despite the grants and sponsors, you don't have any more money and we can make such a deal. Perhaps the management will agree.
Victim 2024-10-01T19:28:08.456317Z
We can't commit to anything before we take a closer look at our budget. This is a really large amount for us so we can't act on it instantly. Can we get back to you by the end of the week?
Attacker 2024-10-01T19:46:34.793947Z
The longer the negotiations take, the more difficult it will be for me to convince the management of this amount. But as I promised you, the timer is stopped until the end of the week.
Victim 2024-10-01T20:22:04.613704Z
Thanks
Victim 2024-10-04T15:36:53.167683Z
Good morning. We've been meeting and working on this for a few days now and the most we are able to afford to pay is still $80,000. We are a public school and simply don't have the budget for something like this. That said, we are trying to get an appointment to meet with the State Education Board to see about obtaining an emergency grant. Due to the Jewish holiday, we won't be able to get an appointment until after the weekend. I know you've been very patient with us so far, so all I ask right now is that you continue to remain patient so we can meet after the weekend to try to get the funds to pay you. Is this okay?
Attacker 2024-10-04T15:39:24.797947Z
On monday, will you tell me the result and the date when you will make the payment?
Victim 2024-10-04T15:42:37.30867Z
On Monday, I hope to know when we'll be able to meet with the State BOE. I'll let you know when we'll be able to meet with them. I know for any emergency funding requests, there's a vote that needs to take place and it could take a few days to be approved after the initial meeting.
Victim 2024-10-04T15:43:53.639364Z
My guess is we'll meet on Tuesday or Wednesday and hopefully by Friday we should get approved, or at least have a good idea of when we'll be approved.
Attacker 2024-10-04T15:44:12.614878Z
Ok. I will be waiting for information from you.
Victim 2024-10-04T15:44:49.432191Z
Thank you. I know the timing isn't ideal for either of us, but I appreciate your patience.
Victim 2024-10-07T17:38:13.221508Z
Good morning, I have good news. We have an appointment to meet with the State Board of Education on Wednesday. They are aware of the situation and that we will request emergency funding. After the meeting on Wednesday, I will be back to let you know how it went.
Attacker 2024-10-08T01:19:04.001869Z
Ok, we will be waiting for information from you.
Victim 2024-10-09T16:29:17.384845Z
Good news! We got an appointment to meet with the State BOE to explain the situation and to request emergency funding. We will meet with them on Friday afternoon. They said that they'll have to vote on the measure of the emergency funding request during their next closed-door session, which will happen on Thursday, October 17th in the morning. Once the voting is done, they will let us know right away and then I'll be back here to let you know.
Victim 2024-10-09T16:30:49.628919Z
I know that's not until next week, but we'll just have to be patient because they are the only ones who can help. In the meantime, can you please explain in detail how the payment process works?
Attacker 2024-10-09T16:34:06.513176Z
You will need to pay BTC to the wallet address given to you. To exchange USD for BTC, you need to use any intermediary that suits you. We will only accept BTC.
Victim 2024-10-09T16:39:16.453079Z
Okay. We will start looking into that now. I'll be back after the vote next Thursday, the 17th. Once you have a bitcoin address for us to use, please provide it.
Attacker 2024-10-09T16:44:03.668073Z
I can provide it right now. It has been added to the section for payment on your part. And the amount indicated is 2 BTC. Right now it's $123,660

Auteur/autrice

sdgadmin@tux.ovh