Akira Ransomware Negotiation — Redacted Organisation

Messages: 50
Duration: Unknown
Initial Demand: $220,000
Outcome: Paid

About This Negotiation

This transcript documents an Akira ransomware negotiation with a redacted victim organisation. The negotiation consisted of 50 messages exchanged over an unknown duration.

The initial ransom demand was $220,000. The negotiation resulted in a confirmed payment.

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Victim] — — Message 1/50
> hello?
[Victim] — — Message 2/50
> hello?
[Victim] — — Message 3/50
> I don't see anything. Does this work?
[Victim] — — Message 4/50
> hello?
[Akira] — — Message 5/50
> Hello. You've reached Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get a response you will be provided with all the details.
[Victim] — — Message 6/50
> Yes
[Akira] — — Message 7/50
> List.7z // 47 KB
[Akira] — — Message 8/50
> These files were taken from your network prior to encryption. You can pick 2-3 random files from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files to our chat and we will upload decrypted copies back.
[Victim] — — Message 9/50
> Can I see the following
[Victim] — — Message 10/50
> User Data\[redacted].docx
[Victim] — — Message 11/50
> Public\[redacted].xlsx
[Victim] — — Message 12/50
> Public\[redacted].docx
[Akira] — — Message 13/50
> Please wait.
[Akira] — — Message 14/50
> files.rar // 38.7 KB
[Akira] — — Message 15/50
> You can review. If you want to test our decryption tool, provide 2-3 encrypted files asap.
[Victim] — — Message 16/50
> [redacted].csv.akira // 634 Bytes
[Victim] — — Message 17/50
> Here are two encrypted files
[Victim] — — Message 18/50
> [redacted].bat.akira // 9.63 KB
[Akira] — — Message 19/50
> decrypted.7z // 3.03 KB
[Akira] — — Message 20/50
> You can review the files.
[Akira] — — Message 21/50
> We're looking through your files to calculate a fair demand to you. I will let you know the sum shortly. We offer: 1) full decryption assistance; 2) evidence of data removal; 3) security report on vulnerabilities we found; 4) guarantees not to publish or sell your data; 5) guarantees not to attack you in the future. Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
[Victim] — — Message 22/50
> Can we see the full price? We may not need everything but knowing the full amount will be helpful.
[Akira] — — Message 23/50
> I'll provide soon.
[Akira] — — Message 24/50
> We're willing to set a $220,000 price for ALL the services listed above. Let me know how you'd like to proceed.
[Akira] — — Message 25/50
> The decryptors will cost you $150,000, the evidence of data removal is $150,000 as well. We will give you the report for free in case you will purchase any of two mentioned options. The full package is always cheaper as you can see.
[Victim] — — Message 26/50
> Can you confirm if that file list that you shared is a complete list of everything that you took?
[Akira] — — Message 27/50
> We do confirm that the list indicates everything we've obtained.
[Akira] — — Message 28/50
> Ready to proceed?
[Victim] — — Message 29/50
> We are still talking about this since we have never thought this type of thing would happen to us. Can we have the Easter weekend to think about it and then we can continue on Monday?
[Akira] — — Message 30/50
> Yes you can but we will wait for you on Monday with an offer we can't refuse.
[Victim] — — Message 31/50
> We are back. We had a lot of discussion today around what we can afford and what we are looking to obtain from you, and we are willing to offer $42,500 in hopes of having you delete the data that you took from us. We aren't a big credit union so we are hopeful that we can resolve this with you.
[Akira] — — Message 32/50
> Thanks for the offer but as you see you are too far from us at the moment. We can come towards you but you need to understand that we won't close the case for less than 6 figure sum. I'll wait for a better offer from you to be able to discuss it with my leadership.
[Victim] — — Message 33/50
> 6 figures is a lot for us, but we will check to see what we can do. What is the best price you can offer us?
[Akira] — — Message 34/50
> We've already given you the best price. Raise your offer and we will end this incident finally.
[Akira] — — Message 35/50
> We're willing to accept $100,000 the lowest. You can go back and forth but we will not go any lower.
[Victim] — — Message 36/50
> We appreciate that. Can we have some time to discuss this? This is going to be a pretty heavy decision on our side, but we will try to keep you updated
[Akira] — — Message 37/50
> We hope to get this over with before the weekend. Standing by.
[Victim] — — Message 38/50
> Okay, with some approvals from our board, we are able to increase our offer to $55,250. We understand that you said $100,000 is the lowest, but we really are looking for you to work with us here.
[Akira] — — Message 39/50
> You have to come closer to our demand if you want to resolve this. All I can do is $95,000.
[Victim] — — Message 40/50
> We won't be able to see about being able to increase what we can pay until Monday at the earliest. We can get back to you then.
[Akira] — — Message 41/50
> Waiting for your reply on Monday. Not later.
[Victim] — — Message 42/50
> Okay we have been able to come closer to your amount, but it's still unattainable for us. We can offer you $62,000 and to be honest we don't believe that we will be able to really increase it anymore from here. We are tapping into all of our resources for you right now.
[Akira] — — Message 43/50
> Hello. We appreciate this step on your part. We can't accept $62k but we're willing to come down to $90,000 and get this resolved finally.
[Victim] — — Message 44/50
> $90,000 is going to be quite the challenge for us to get to. We are going to update the board with your new price, but we don't know what they will be able to do to come up with the remainder. Can you give us a day or two to try to figure this out. We want this situation to be put behind us so hopefully we have an update sooner rather than later.
[Akira] — — Message 45/50
> Standing by.
[Akira] — — Message 46/50
> You have 24 hours to give us your decision regarding this deal. If you stay silent, we will announce the breach on our blog.
[Victim] — — Message 47/50
> We are still here. It has been difficult to come up with more money. We expect an update end of day Friday though
[Akira] — — Message 48/50
> We have to agree to the sum before Friday. We will either come to an agreement this week or will cancel the deal. Hope you're interested in a win-win resolution.
[Victim] — — Message 49/50
> Understood
[Akira] — — Message 50/50
> You can find your company name in our news column: [REDACTED URL] If you want this post to be removed, we have to agree on something.

Analyst Observations
