BlackMatter Ransomware Negotiation — Redacted Organisation

hi

Looks like our files encrypted by you, can you please assist?

we're here to negotiate, our management wants to make sure that you have our data if we are to pay, can you provide some proof of the data, sample data etc.?

Please let us know if we can obtain some proof data. Thanks.

No we have not received the files, please send or let us know where to download the proof data. Also, we would like to see files in our buffalo backups since those systems were formatted we would like to make sure those files are available too. Thanks for working with us!

Thank you! I will send these to our management for review.

They asked if you could provide proof of some of the files below:

\\vhost2\data\v[redacted]\v[redacted]\virtual machines\   A few files from this folder. 192.168.0.31\data\sqldata\db[redacted]_eng.mdf 192.168.0.31\data\sqldata\[redacted].mdf

Also, while we're reviewing the files, is it possible that the timer can be stopped as we're working on the funds? Thank you so much!

Thank you. Does that mean you don't obtain those .mdt requested above, and cannot provide them after payment, we would need to use the decryptor to decrypt them, correct?

Hi. We checked the portal a couple of days ago and this chat portal was down, I couldn't get in to chat with you. I made a request via "Contact Us" button, (Request ID: [redacted] for your reference.) And we had a long holiday weekend. Can you extend the timer again due to the portal being down?

Also, our management wants to make sure, once the payment is make: 1) you will provide us the data back through download, 2) you will delete our data from your side and provide proof, 3) you will provide us the decryptor, with support if there is any question or issue with the decryptor), 4) you will tell us how you hacked our network, 5) you will not publish the data or the blog post / any media that you hacked our network and data. We were just able to test the decryption too now that the portal is back up. Please confirm and I will let my management know. Thank you!

Perfect. Thank you for the confirmation!

Our management had a meeting today and they would like to ask if you will take $150,000. We know this amount is small compared to your initial demand, but please understand that we sell [redacted] to school and government, and as you know, since covid started, all school has closed or gone online so no one has been buying our [redacted], therefore we have been suffering as many other business. Also, looking at your main page, where you mention that you do not attack government sector, if we work with school and government like that, do we qualify for the free decryptor? Just thought we'd check. Again, thank you for working with this. Please let us know if any of these works for you.

Thanks for verifying that we do not fall under your rules. Please understand that we are a small company and do not have significant capital, and we are here to negotiate in good faith. Our management would like to know the amount that you can come down off the initial demand. Thank you.

Hi. the bank statement isn't actually telling much, we have expenses that the bank statement doesn't show, and a lot of those money in the statement are not ours, they're on-hold funds from other entities. If we were to pay 4M based on that bank statement, we would be out of business. Our management came back with $250,000, which is the most that they can get at this point. Please understand and help us out.

Can you please give us more discount? Really covid and everything have been hitting us hard. We really appreciate your help, anything we can get.

Sorry I didn't get that ...

Hi. Our management has gone to the board and this is a huge number for them, they can try to squeeze out $350K now, please help work with us here and see if this is acceptable. Thanks for your help!

We've been going out to get loans from the banks and able to get $500K total. We can pay within the next 24 hours if you accept this amount. Please let us know. Thank you!