// Context
About This Negotiation
This transcript documents a Conti ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 9 messages; its duration is not recorded.
The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — 10/19/2020, 5:57:21 PM — Message 1/9
[redacted]: How much to recover?
[Conti] — 10/19/2020, 6:16:29 PM — Message 2/9
Support: Price for you is 74btc.
You need to pay this amount and we will give you decrypt tool for all
your machines, security report on how you were hacked, file tree on what
we have downloaded from your network and wiping log of that
information.
Take into consideration that we have downloaded a lot of data from your
network that in case of not payment will be published on public news
website and sold on the black-markets. We remove it after payment and
wiping log is provided as well. To start a business we offer you to
make payment in two stages. What amount you can pay today?
[Conti] — 10/19/2020, 9:46:26 PM — Message 3/9
Support: In the event that you
and we do not reach a consensus, we will start publishing and selling
your private information very soon. Please keep us writing notifying how
it is going if there is still no success, so we understand that you are
still with us.
[Victim] — 10/20/2020, 3:44:17 AM — Message 4/9
[redacted]: Checking with management regarding your response. Don't think they would pay more than one or two coins.
[Victim] — 10/20/2020, 3:46:48 AM — Message 5/9
[redacted]: You're asking for over 3/4 of million dollars. 865k.
[Conti] — 10/20/2020, 9:43:33 AM — Message 6/9
Support: We could give you
discount if you pay shortly. Also you should remember that we own all
corporate data, including personal info of the employees, clients data,
emails chats and etc. If you do not pay us, we will start to publish and
sell that data. Think about your reputation.
[Conti] — 10/21/2020, 9:08:00 AM — Message 7/9
Support: We think that you are
not completely aware of the seriousness of the situation. In the event
of a further delay, we will be able to use information resource
[REDACTED URL] and will start to sell your private data on the
black markets.
We will publish the full dump of your data on our news website with
1,000 visitors per day, 50% of them are mass media reporters and
regulators, the other part is blackhat hackers. We are not interested in
this, and we gain nothing from data publication, that is why we are
offer you a deal.
1) your clients data will be used by criminals
2) your clients will file lawsuit against you
3) government regulators will fine you for data breach, if you have in
clients at least one EU resident then you will be also fined by EU
government by GDPR law with millions of dollars of fine or permit ban
for working with EU citizens. US has the similar laws, but they are not
so costly, however the total cost will exceed the asked amount from
you, so our offer is the best deal for you to resolve this issue.
[Conti] — 10/22/2020, 9:50:38 PM — Message 8/9
Support: Look to the leaked info
[REDACTED URL] so you understand how full dump looks like and
you could estimate your losses carefully, we have more 7 big companies
waiting in queue to be published, do not get trapped into this list.
We need your decision today or you will be published.
[Conti] — 10/23/2020, 11:08:32 AM — Message 9/9
Support: Well we start to
publish your data. Here is the web link:
[REDACTED URL]
If you want to stop that process you have last chance for that.
Otherwise the most valuable part of info will be sold on the black
markets and the rest will be published. Private data of your
employees and clients is under the risk, you have to think about it.