Akira Ransomware Negotiation — Redacted Organisation

Messages: 70
Duration: Unknown
Initial Demand: $550,000
Outcome: Unknown

About This Negotiation

This transcript documents an Akira ransomware negotiation with a redacted victim organisation. The negotiation consisted of 70 messages exchanged over an unknown duration.

The initial ransom demand was $550,000. The final outcome is not confirmed in the transcript.

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Akira] — — Message 1/70
> Hello. You've reached Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get your reply you will be provided with all the details.
[Victim] — — Message 2/70
> yes
[Victim] — — Message 3/70
> how do i fix my computer?
[Akira] — — Message 4/70
> Hello please wait
[Victim] — — Message 5/70
> hello?
[Victim] — — Message 6/70
> is anyone there?
[Victim] — — Message 7/70
> I guess I'll just shut down and reformat since you are not answering
[Akira] — — Message 8/70
> Wait a second.
[Akira] — — Message 9/70
> List.7z // 1010 KB
[Akira] — — Message 10/70
> These files were taken from your network prior to encryption. You can pick 2-3 random files up to 10 MB each from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back. We're looking through your financial papers to come up with a reasonable demand to you. We offer: 1) full decryption assistance; 2) evidence of data removal; 3) security report on vulnerabilities we found; 4) guarantees not to publish or sell your data; 5) guarantees not to attack you in the future. Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
[Victim] — — Message 11/70
> hello
[Victim] — — Message 12/70
> hi
[Victim] — — Message 13/70
> I need help my files are locked!
[Victim] — — Message 14/70
> please help me I need my files
[Victim] — — Message 15/70
> I needz my filez bro
[Victim] — — Message 16/70
> yo i need my files back
[Victim] — — Message 17/70
> 10/07/2020 11:10 AM 75,909 [redacted].pdf
> 10/07/2020 11:10 AM 20,991 [redacted].pdf
[Victim] — — Message 18/70
> how much money do you need
[Victim] — — Message 19/70
> whats your demand
[Victim] — — Message 20/70
> i am willing to pay
[Victim] — — Message 21/70
> YEAH BOIII
[Victim] — — Message 22/70
> I gots work due for muh classes bro, hurry up
[Victim] — — Message 23/70
> DO YOU ACEPT WACKY BUCKS?
[Victim] — — Message 24/70
> Cashapp right now bro
[Victim] — — Message 25/70
> my grandma moves faster than you and she's dead
[Victim] — — Message 26/70
> what country are you in?
[Victim] — — Message 27/70
> What is your Political Affiliation?
[Akira] — — Message 28/70
> Wait a bit.
[Victim] — — Message 29/70
> YOUR COUNTRY SUCKS!!!!!!
[Victim] — — Message 30/70
> best i can do is 2 v-bucks
[Victim] — — Message 31/70
> I got some Chuck E Cheese tokens if that tickles your fancy
[Victim] — — Message 32/70
> I cant wait any longer i am watching paint dry
[Victim] — — Message 33/70
> okay fine...3 v-bucks take it or leave it
[Victim] — — Message 34/70
> you want some robucks? pls
[Victim] — — Message 35/70
> I got a $19 Fornite Card, Who wants it?
[Victim] — — Message 36/70
> chat are we cooked?
[Victim] — — Message 37/70
> [redacted].exe // 1.04 MB
[Victim] — — Message 38/70
> my local target wont let me buy any more gift cards, how should i pay you?
[Victim] — — Message 39/70
> money.jpg // 33.8 KB
[Victim] — — Message 40/70
> go ahead open it
[Victim] — — Message 41/70
> hello from the other side
[Victim] — — Message 42/70
> WEE WOOO WEE WOO
[Victim] — — Message 43/70
> You're probably wondering how this is happening XD
[Victim] — — Message 44/70
> i'm connected to your office cameras
[Victim] — — Message 45/70
> i have noth korean paypal how can i pay u
[Victim] — — Message 46/70
> R.gif // 1.71 MB
[Victim] — — Message 47/70
> Ill give you to the count of five to respond
[Victim] — — Message 48/70
> are we doing a deal or what?
[Victim] — — Message 49/70
> I guess i will reflash my computer. You guys are a joke lol. I need to do it the hard way smh
[Victim] — — Message 50/70
> shut-up-take-my-money.gif // 1.05 MB
[Victim] — — Message 51/70
> do you accept tiktok coins ?
[Victim] — — Message 52/70
> whats your OF?
[Victim] — — Message 53/70
> HONSE.jpg // 24.3 KB
[Akira] — — Message 54/70
> is your leadership aware of the incident?
[Victim] — — Message 55/70
> Duh?
[Akira] — — Message 56/70
> We're willing to set a $550,000 price for ALL the services we offer. Let us know asap.
[Victim] — — Message 57/70
> Hello
[Victim] — — Message 58/70
> Someone uploaded this locker to an online database of malware
[Victim] — — Message 59/70
> You need to give the corp a new password
[Victim] — — Message 60/70
> Are you official negotiator of Akira or just affiliate?
[Akira] — — Message 61/70
> Provide the link to that database and we will provide a new chat.
[Victim] — — Message 62/70
> Anyways, If you have direct access to Akira leadership, add me on Tox. I may have some accesses in the future that I want to send to you, depending on the group affiliate rates. ID: [redacted]
[Victim] — — Message 63/70
> [REDACTED URL]
[Victim] — — Message 64/70
> This is the link to the database - but i'm not the corp. I am an affiliate of another group.
[Victim] — — Message 65/70
> If you are the official negotiator or owner of Akira, could you add my tox specified above? I would like to have contact with you in case I have an access that i want to give.
[Akira] — — Message 66/70
> Thank you for this information. We will contact you if necessary.
[Victim] — — Message 67/70
> Hello
[Akira] — — Message 68/70
> Hello
[Victim] — — Message 69/70
> I have a USA access that im exfiltrating data from now, it is $400m yearly revenue as shown on zoominfo, although other sources like wikipedia say it has a yearly revenue of $900m USD. I was wondering if you are interested in me using your service to lock the corp. Let me know if you are open to discussion.
[Akira] — — Message 70/70
> We are not interested. Thank you.
