Akira Ransomware Negotiation — Redacted Organisation

> Hello.

> You've reached Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get your reply you will be provided with all the details.

> Please wait for details.

> List.7z // 394 KB

> These files were taken from your network prior to encryption. You can pick 2-3 random files up to 10mb size from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10mb size to our chat and we will upload decrypted copies back.

> We offer: 1) full decryption assistance; 2) evidence of data removal; 3) security report on vulnerabilities we found; 4) guarantees not to publish or sell your data; 5) guarantees not to attack you in the future. Let me know whether you're interested in a whole deal or in parts. This will affect the final price.

> You can upload any encrypted files you can find like log or configs. Please wait for files.

> files.7z // 939 KB

> Here us the files. Let us know your progress with encrypted ones.

> Let me know if you need the whole deal or in parts please. We are standing by to the files.

> You can give us log or config files for test.

> Make sure that the file size does not exceed 10mb. Our size limit is 10mb.

> Try uploading them through any file sharing service. You can share the link.

> Wait a bit.

> decrypted.7z // 22.1 KB

> Please review. Ready to discuss payment?

> The fourth option means we would have to delete your data, so this is just a basic guarantee of the second option. The price for the mentioned services is $225,000.

> We are waiting for your response today.

> Hi. We've heard these stories many times. What do you offer?

> We are waiting for your offer asap.

> Will we see a counter offer from you today?

> We are going to close the deal this week in any case.

> We are waiting for your offer today.

> Waiting for the update.

> Thank you for the update. We hope you will come to an agreement soon because we will not wait long. Anyway restructuring you mentioned will be more expensive that a deal with us. We can help with the price and we can accept $200,000 this week. It is up to you to decide what way to choose. Let us know your decision asap please. We need to move on.

> We accept bitcoins. To gain bitcoins you have to go to any exchange platform as binance or coinbase. Here are the guides: [REDACTED URL] [REDACTED URL] You also can buy bitcoin from any local brokers. If you withdraw funds from your bank account, then you have to inform the bank that you need this money for investment purposes only.

> So what do you have? Let us know asap.

> We are not offended at all but your offer is not enough to close the deal unfortunately. We see you want a resolution a even made an offer that is not really bad. We want to come to an agreement with you and we suppose it is possible so we are ready to accept $170,000 and get this over with. I believe you and your colleagues are able to see that the agreement with us is more that possible. Let us know asap.

> You have to give us a renewed offer if you want this to end positively.

> We believe you will cope with it. $170,000 is a price we can agree on with you. Your colleagues should understand that. We are waiting for updates.

> We will wait to hear about alternative you will find asap.

> We get lots of payments from [redacted]. Everything will be fine.

> We appreciate your willingness to cooperate and you efforts of course but we are still far apart from each other. We will wait for better number on Monday and we hope to finish the deal after we receive your renewed offer.

> Do not give up. Organize a meeting with you colleagues and try to find additional funds for this deal.

> Waiting for positive new from you.

> Sure. My leadership decided to reduce the price to assist you with the process and we are ready to accept $125,000. I think this amount you can cope with and we can end all this.

> $100,000 and we have a deal here.

> This one [redacted].

> We agree. How soon are you able to transfer BTC 1.7235?

> 0.00125 BTC received. You can proceed with the rest.

> unlockers.7z // 2.1 MB

> unlocker.exe -p="path_to_unlock" unlocker.exe -s="C:\paths.txt" where "paths.txt" is a list of paths for the decryptor, each path on a new line ESXi commands 1) chmod +x unlocker 2) ./unlocker -p="/vmfs/volumes"

> Yes. We'll provide everything soon.

> Deletion.7z // 250 Bytes

> Initial access to your network was purchased on the dark web. Then kerberoasting was carried out and we got passwords hashes. Then we just bruted these and got domain admin password. Spending weeks inside of your network we've managed to detect some fails we highly recommend to eliminate: 1. None of your employees should open suspicious emails, suspicious links or download any files, much less run them on their computer. 2. Use strong passwords, change them as often as possible (1-2 times per month at least). Passwords should not match or be repeated on different resources. 3. Install 2FA wherever possible. 4. Use the latest versions of operating systems, as they are less vulnerable to attacks. 5. Update all software versions. 6. Use antivirus solutions and traffic monitoring tools. 7. Create a jump host for your VPN. Use unique credentials on it that differ from domain one. 8. Use backup software with cloud storage which supports a token key. 9. Instruct your employees as often as possible about online safety precautions. The most vulnerable point is the human factor and the irresponsibility of your employees, system administrators, etc. We wish you safety, calmness and lots of benefits in the future. Thank you for working with us and your careful attitude to your security.

> You are welcome! Take care!