// Context
About This Negotiation
This transcript documents a Avaddon ransomware negotiation with 20210518.
The negotiation consisted of 24 messages exchanged over Unknown.
The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[20210518] — 15:59 18.05.2021 — Message 1/24
привет
[Avaddon] — 16:10 18.05.2021 — Message 2/24
Hello! Chat in English.
[20210518] — 16:11 18.05.2021 — Message 3/24
hi
[20210518] — 16:11 18.05.2021 — Message 4/24
how can i change my avatar?
[20210518] — 16:12 18.05.2021 — Message 5/24
how much?
[Avaddon] — 16:16 18.05.2021 — Message 6/24
Where are you from?
[20210518] — 16:17 18.05.2021 — Message 7/24
Kazakhstan
[20210518] — 16:17 18.05.2021 — Message 8/24
we don't have so big money you asking
[Avaddon] — 16:29 18.05.2021 — Message 9/24
Wait a bit, we'll get back to you soon.
[20210518] — 16:43 18.05.2021 — Message 10/24
ok
[Avaddon] — 05:27 19.05.2021 — Message 11/24
tell me what kind of company are you?
[Avaddon] — 05:28 19.05.2021 — Message 12/24
what do you do? do you have your own website? We do not work in the CIS countries and if we make sure that you are a company located in the CIS, then we will decrypt you for free.
[20210518] — 07:26 19.05.2021 — Message 13/24
we are small wellding company who has finance problems at the moment.
[Avaddon] — 08:13 19.05.2021 — Message 14/24
Hey! We need proof of your identity. If you provide us with a photo of your documents and face, we will give you a decryptor free of charge.
[Avaddon] — 08:13 19.05.2021 — Message 15/24
Make a photo of your passport against your face. Then make a photo of the passport on the background of the monitor with encrypted files, you can open the properties of the file. Send us a photo through the service [REDACTED URL]
[20210518] — 09:12 19.05.2021 — Message 16/24
ok. Thanks.
[20210518] — 09:12 19.05.2021 — Message 17/24
[REDACTED URL]
[20210518] — 09:13 19.05.2021 — Message 18/24
here is a link to photos
[Avaddon] — 09:20 19.05.2021 — Message 19/24
We apologize for this situation, this is an accident. We do not work in the CIS countries.
[Avaddon] — 09:21 19.05.2021 — Message 20/24
You can download the decryptor on your payment page, update it. Run the decryptor according to the instructions.
[20210518] — 09:49 19.05.2021 — Message 21/24
thanks.
[20210518] — 09:50 19.05.2021 — Message 22/24
i wonder how you getting access?))))
[Avaddon] — 10:02 19.05.2021 — Message 23/24
About vulnerabilities in your network. These are weak passwords and old operating systems, the operating systems that you used have vulnerabilities, with the help of them an attack was carried out on your network. Use strong passwords and hide them as best as possible and update all your OS to the latest versions.
[20210518] — 13:49 19.05.2021 — Message 24/24
thanks a lot!!