// Ransomware Negotiation Transcript
Akira Ransomware Negotiation — Redacted Organisation
// Context
About This Negotiation
This transcript documents an Akira ransomware negotiation with a redacted victim organisation. The negotiation consisted of 13 messages exchanged.
The initial ransom demand was $1.9M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
> Hello. You've reached Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get your reply you will be provided with all the details.
> yes
> List.7z // 952 KB
> These files were taken from your network prior to encryption. You can pick 2-3 random files up to 10 MB each from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back. We're looking through your financial papers to come up with a reasonable demand to you. We offer:
1) full decryption assistance;
2) evidence of data removal;
3) security report on vulnerabilities we found;
4) guarantees not to publish or sell your data;
5) guarantees not to attack you in the future.
Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
> how much?
> We're willing to set a $1,950,000 price for ALL the services we offer.
> alright, lets do it then!
> Let us know your wallet address?
> Here is our BTC wallet [redacted]. Let us know when can we expect the transfer.
> You have 24 hours to give us your decision regarding this deal. If you stay silent, we will announce the breach on our blog.
> ok, will send the amount!
> Let us know when to expect the transfer.
> You can find your company name in our news column: [REDACTED URL] If you want this post to be removed, we have to agree on something.
// Analysis
Analyst Observations
- Akira emerged in March 2023 and quickly became one of the most active ransomware groups, targeting organisations across multiple sectors globally.