// Context
About This Negotiation
This transcript documents a Akira ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 58 messages exchanged over Unknown.
The initial ransom demand was $250,000. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — — Message 1/58
> hello
[Victim] — — Message 2/58
> Hello
[Victim] — — Message 3/58
> [redacted]
[Victim] — — Message 4/58
> We would like to un-encrypt our files
[Akira] — — Message 5/58
> Hello. You've reached Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get a response you will be provided with all the details.
[Victim] — — Message 6/58
> yes
[Akira] — — Message 7/58
> Wait a moment.
[Akira] — — Message 8/58
> List.7z // 1.37 MB
[Akira] — — Message 9/58
> These files were taken from your network prior to encryption. You can pick 2-3 random files from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files to our chat and we will upload decrypted copies back.
[Victim] — — Message 10/58
> how do I open this?
[Victim] — — Message 11/58
> nevermind.
[Victim] — — Message 12/58
> [redacted].jpg.akira // 135 KB
[Victim] — — Message 13/58
> [redacted].jpg.akira // 328 KB
[Victim] — — Message 14/58
> [redacted].jpg.akira // 136 KB
[Victim] — — Message 15/58
> Here you go
[Akira] — — Message 16/58
> We upload them decrypted soon.
[Akira] — — Message 17/58
> [redacted].jpg // 134 KB
[Akira] — — Message 18/58
> [redacted].jpg // 135 KB
[Akira] — — Message 19/58
> [redacted].jpg // 328 KB
[Akira] — — Message 20/58
> Here are the decrypted files. Do you need files for proof?
[Akira] — — Message 21/58
> So, we've gone through your files to define your financial abilities. We've been looking through your bank statements, net income, cyber liability limits, financial audits - all the info that might help us calculate our demand to you. We're willing to set a $250,000 price for ALL the services we offer: 1) full decryption assistance;
2) evidence of data removal;
3) security report on vulnerabilities we found;
4) guarantees not to publish or sell your data;
5) guarantees not to attack you in the future. Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
[Victim] — — Message 22/58
> Can you please send us these files from the list that you sent?
[Victim] — — Message 23/58
> [redacted].xlsx [redacted].csv [redacted].pdf [redacted].pdf [redacted].XLS [redacted].pptx
[Akira] — — Message 24/58
> Sure. We will provide them soon.
[Akira] — — Message 25/58
> [redacted].7z // 5.03 MB
[Akira] — — Message 26/58
> Here are the files you can review. We asked for 2-3 files and are giving you back 4 of 6.
[Victim] — — Message 27/58
> Hello?
[Akira] — — Message 28/58
> Are you ready to proceed to payment details?
[Akira] — — Message 29/58
> Hello. Will you have a deal with us or we can move to announcing your leak? Let us know.
[Victim] — — Message 30/58
> Thank you for the unlocked files and the files from the list that we requested. We have been reviewing everything and discussing our next steps and the truth of the matter is that we don’t have 250,000 just lying around to send to you. What is the best number you can provide so that we can resolve this as quickly as possible?
[Akira] — — Message 31/58
> What is your counter offer?
[Victim] — — Message 32/58
> All we have on hand at the moment is 25,000 USD that we can send. Is there any way that you can provide us a number that we can maybe work with given what we have currently? At least we can then see if it’s doable to gather any more. We don’t think there’s anyway that we are going to be able to get close to the 250,000 number, but we are trying to gather as much as we can.
[Akira] — — Message 33/58
> 10% of our demand? Are you sure? We will post your data and delete this chat later if you don't reconsider this modest offer within 24 hours.
[Victim] — — Message 34/58
> I’m sorry. I appreciate that you feel $25,000 is not acceptable. We do want your services, and we are trying to gather what we can. However, getting capital together is extremely difficult as awe are not a high cashflow business. We may be able to generate a bit more, but I’m not sure. Can you provide us with a more reasonable number given our financial situation? Can you accept $50,000?
[Akira] — — Message 35/58
> No we can't. Only 6 figure amount will be considered and at the moment it is $225,000.
[Victim] — — Message 36/58
> We appreciate the reduction, but the truth of the matter is that we still don't have 225,000. We are still trying to find funds anywhere we can, but our bank is going to want to know exactly where the money is going and they won't allow us to use the funds for something like this. Our only option is to try and gather the funds elsewhere. With that being said, we are actively trying to gather more, but is 225,000 your absolute best number?
[Akira] — — Message 37/58
> If your next step will be above six number sum, I'll ask my team if there any additional discount possible.
[Victim] — — Message 38/58
> Thank you for the consideration. My team is working on seeing what more we can do. At the moment I’ve only been able to pull together $75k. We just Need more time.
[Akira] — — Message 39/58
> Update us on Monday.
[Victim] — — Message 40/58
> Hello, we've been working on this all weekend and here's what we've been able to do, we can come up to the 6 figure number and offer 100,000, but this is all we will probably have for quite some time. PLease consider our offer and let's gt a deal done.
[Akira] — — Message 41/58
> The upper management has decided to provide you with $30,000 discount coming down to $220,000 amount. You can handle this sum with no harm to your business, let's get this over.
[Victim] — — Message 42/58
> While we appreciate the further reduction, we simply don't have that much onhand and it's going to take quite some time to get any more than we currently have.
[Akira] — — Message 43/58
> You have until Friday.
[Victim] — — Message 44/58
> We are really wanting to get this done quickly, but we simply don't have what you are asking for and we don't know where or how we are going to get any more than the 100,000 that we've offered. We've used up all of our sources of cash. We can send you all of this now, but I don't know when or if we'll have anymore.
[Akira] — — Message 45/58
> You still have time until Friday to get more funds. Let's see what you will get and decide how to continue our deal.
[Victim] — — Message 46/58
> We are still trying to raise further funds, but we aren't having a lot of luck. We'll let you know where we are at tomorrow.
[Akira] — — Message 47/58
> Ok, standing by.
[Victim] — — Message 48/58
> Ok, so we now have 150,000 and just want to get this done and behind us. THis is basically splitting the difference between your price and our's. Please consider our offer, help us out, and let us get on with our business. THanks for your consideration
[Akira] — — Message 49/58
> Hello
[Akira] — — Message 50/58
> The leadership has agreed to accept your offer. Here is the BTC wallet ID for payment: [redacted]
How soon are you going to fund our wallet?
[Victim] — — Message 51/58
> We are getting the approvals from our bank first and then we will be ready to send the payment. The unfortunate part is that it's the weekend and our bank may not respond until Monday. We will get the request in and let you know once we are sending the funds.
[Akira] — — Message 52/58
> Waiting for an update on Monday.
[Victim] — — Message 53/58
> Payment has been sent to your wallet. Can you confirm and send us what we agreed to pay for?
[Akira] — — Message 54/58
> Wait a bit.
[Akira] — — Message 55/58
> We confirm the receipt. Please wait for the items.
[Akira] — — Message 56/58
> unlocker.7z // 3.04 MB
[Akira] — — Message 57/58
> unlocker.exe -p="path_to_unlock"
unlocker.exe -s="C:\paths.txt"
where "paths.txt" is a list of paths for the decryptor, each path on a new line
same arguments work with the esxi decryptor
[Akira] — — Message 58/58
> We will send the rest withing 24 hours.