Akira Ransomware Negotiation — Redacted Organisation

Messages: 74
Duration: Unknown
Initial Demand: $100,000
Outcome: Unknown

About This Negotiation

This transcript documents an Akira ransomware negotiation with a redacted victim organisation. The negotiation consisted of 74 messages; the period over which they were exchanged is unknown.

The initial ransom demand was $100,000. The final outcome is not confirmed in the transcript.

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Victim] — — Message 1/74
> hello
[Victim] — — Message 2/74
> hello
[Victim] — — Message 3/74
> hello please help ME
[Victim] — — Message 4/74
> hi
[Victim] — — Message 5/74
> is somebody there
[Victim] — — Message 6/74
> we are very small company...
[Victim] — — Message 7/74
> ??
[Victim] — — Message 8/74
> ???
[Victim] — — Message 9/74
> hemlo Mister
[Victim] — — Message 10/74
> Please helo please help
[Victim] — — Message 11/74
> is somebody there
[Victim] — — Message 12/74
> Hello....
[Victim] — — Message 13/74
> It is our existence... please please help us
[Victim] — — Message 14/74
> Hello
[Victim] — — Message 15/74
> mister
[Victim] — — Message 16/74
> hello
[Victim] — — Message 17/74
> hellooo
[Victim] — — Message 18/74
> akira
[Victim] — — Message 19/74
> team
[Victim] — — Message 20/74
> helooooo
[Victim] — — Message 21/74
> akira
[Victim] — — Message 22/74
> hello
[Victim] — — Message 23/74
> 😭😭😭😭
[Victim] — — Message 24/74
> hellooo
[Victim] — — Message 25/74
> is u there??
[Victim] — — Message 26/74
> hellooo
[Victim] — — Message 27/74
> helloooo
[Victim] — — Message 28/74
> helloooo
[Akira] — — Message 29/74
> Hello. You've reached an Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get a response you will be provided with all the details.
[Victim] — — Message 30/74
> yes i am the owner of the company. Its a family business.
[Victim] — — Message 31/74
> we are a small company with not many people and all my family members work here. you didnt hack a big company. this situation is very bad for us and to be honest we dont have much money because work is not going good.
[Victim] — — Message 32/74
> PLEASE.....😭😭😭😭
[Akira] — — Message 33/74
> Wait for details.
[Victim] — — Message 34/74
> hello sir
[Akira] — — Message 35/74
> We didn't take your data. We are the ones who can properly decrypt your data and restore your infrastructure in a short period of time. After payment you will receive a decryptor for each of your systems and manual on how to use it for particular file/system. If you face any problems during decryption process, we will be here to support. You will receive a security report that includes information about how we were able to penetrate your network, as well as exclusive first-hand information about the state of your network, the vulnerabilities that we found. What's more, you'll receive high-quality technical recommendations on eliminating any vulnerabilities and strengthening your network to secure your internal and external infrastructure. You will also receive written guarantees that we will keep this conversation private, and delete this chat later. We won't come back for more money after payment and we won't attack you again. The price is $100,000. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back.
[Victim] — — Message 36/74
> 100,000$ is way too much. We as a family run business dont earn that kind of money. i wish i could pay it but there is no way we can afford that. we have already money problems right now and i can barely pay my employees salaries. you are about to destroy my families and my whole life. why do you attack a small business like us and not a big coorperation? everybody im my office is devistated and some are even crying because of this situation. the only thing i can do is please pay a maximum of 5,000$. i am sorry but i really cant afford more. please do it for my family and hard working honest employees. dont destroy our lives. we all need this company.
[Victim] — — Message 37/74
> PLEASE .....
[Akira] — — Message 38/74
> unlocker.7z // 1.24 MB
[Akira] — — Message 39/74
> unlocker.exe -p="path_to_unlock"
> unlocker.exe -s="C:\paths.txt"
> where "paths.txt" is a list of paths for the decryptor, each path on a new line
> ESXi commands
> 1) chmod +x unlocker
> 2) ./unlocker -p="/vmfs/volumes"
[Victim] — — Message 40/74
> thx u very much ✌️✌️✌️✌️✌️
[Akira] — — Message 41/74
> You are welcome!
[Victim] — — Message 42/74
> sorry for bothering you but i am trying it the whole time but i cant make it work. can you please explain what i exactly have to do ?
[Victim] — — Message 43/74
> 😭😭😭😭
[Akira] — — Message 44/74
> You have instructions. Tell me at what stage you are having troubles.
[Victim] — — Message 45/74
> thx u very nuch......u are my Angel
[Victim] — — Message 46/74
> i can not repair the database
[Akira] — — Message 47/74
> Provide more details. What kind of error did you get?
[Victim] — — Message 48/74
> 😭😭😭😭😭😭😭😭
[Victim] — — Message 49/74
> we sqlserver can not attach the database
[Victim] — — Message 50/74
> is it normal??
[Victim] — — Message 51/74
> [redacted].jpg // 4.82 MB
[Victim] — — Message 52/74
> before decode
[Victim] — — Message 53/74
> before decode
[Victim] — — Message 54/74
> [redacted].jpg // 5.71 MB
[Victim] — — Message 55/74
> what gone wrong? PLEASE PLEASE HELP
[Victim] — — Message 56/74
> we thought the server had hung up and restarted the server. could it possibly be related to this?
[Victim] — — Message 57/74
> and some files is ending with arika .file
[Victim] — — Message 58/74
> I have a question because I am trying to fix something the whole time but I can’t. We thought that the server was down so we restarted it. Could it be possible that during that progress some files that started to be encrypted got damaged and can’t be decrypted now ? Because my most important .mdf files don’t work anymore. Could you please assist me ?
[Victim] — — Message 59/74
> PLEASE
[Victim] — — Message 60/74
> 😭😭😭😭😪😪😪
[Victim] — — Message 61/74
> 😭😭😭😭😭
[Victim] — — Message 62/74
> do u have an idea??
[Victim] — — Message 63/74
> ??
[Akira] — — Message 64/74
> Yes, the interruption of decryption process could damage files. Send me logs and I will ask my tech team.
[Victim] — — Message 65/74
> how u penerate our nrtwork? can u give me info please...
[Akira] — — Message 66/74
> Initial access to your network was purchased on the dark web.
[Victim] — — Message 67/74
> how can i find it?
[Victim] — — Message 68/74
> how it happen?
[Victim] — — Message 69/74
> access about email, router,client?
[Victim] — — Message 70/74
> how can i make beter or save?
[Victim] — — Message 71/74
> Thank you for your answers and patience with us
[Victim] — — Message 72/74
> Is there a new access, do I understand it correctly?
[Akira] — — Message 73/74
> You have already get decryptors for free. I've provided you with more than enough info.
[Victim] — — Message 74/74
> thx 🥰
