// Context
About This Negotiation
This transcript documents a Avaddon ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 17 messages exchanged over Unknown.
The initial ransom demand was $400,000. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — 02:52 18.05.2021 — Message 1/17
My files are encrypted, I just found this note. What do I do next?
[Avaddon] — 02:59 18.05.2021 — Message 2/17
Hello! You have been infected by the Avaddon
ransomware. Price for you is $400,000. To receive a general decryptor,
you need to pay the amount indicated to you in the BTC on the landing
page. After paying the ransom, you will receive a general decryptor that
will decrypt absolutely all PCs and servers on your network. We will
also provide you with a list of vulnerabilities in your network so that a
similar situation does not happen to you in the future. We also
guarantee the anonymity of the and attack no one will recognize this
incident. We are ready to talk to you and discuss on this matter.
[Victim] — 17:23 18.05.2021 — Message 3/17
What did you take? May I have a list of files to show my boss?
[Avaddon] — 17:46 18.05.2021 — Message 4/17
wait few min
[Avaddon] — 17:47 18.05.2021 — Message 5/17
We will prepare a small archive for you today and send it to you.
[Avaddon] — 05:25 19.05.2021 — Message 6/17
Hello guys
[Avaddon] — 05:25 19.05.2021 — Message 7/17
Sorry for taking so long.
[Avaddon] — 05:26 19.05.2021 — Message 8/17
[REDACTED URL]
[Avaddon] — 05:26 19.05.2021 — Message 9/17
Password: [redacted]
[Victim] — 23:06 19.05.2021 — Message 10/17
Thank you, we are downloading now and will reach out soon
[Avaddon] — 23:18 19.05.2021 — Message 11/17
ok
[Avaddon] — 23:19 19.05.2021 — Message 12/17
Specify when you will?
[Avaddon] — 17:55 22.05.2021 — Message 13/17
Any news?
[Victim] — 17:57 25.05.2021 — Message 14/17
I understand how serious this is, but my
boss does not. Will you send a list of the files you took so I can show
them how serious this is?
[Avaddon] — 18:28 25.05.2021 — Message 15/17
We can send you some random files so that
you can be sure that we have the files. We will not send the tree. But
just know that we have a lot of files and the leak is big, if you do not
understand the severity of the situation, go and read our blog.
[Victim] — 15:07 27.05.2021 — Message 16/17
Yes, please send the files.
[Avaddon] — 15:10 27.05.2021 — Message 17/17
Didn't you download the old archive? There is data.