Conti Ransomware Negotiation — Redacted Organisation

Support: Greetings! We are ready to help you! Please, introduce yourself.

Support: Test decrypt Download: [REDACTED URL] Delete: [REDACTED URL]&q=[redacted] password - [redacted]

Support: Good morning. Please, introduce yourself.

Support: Your network was ATTACKED, your computers and servers were LOCKED. Take into consideration that we have also downloaded data from your network that in case of not making payment will be published on our news website. After the payment you will get decryptor to all your systems, full file tree of downloaded data, non-recoverable deletion with proof log and security report on how you were hacked. We downloaded all employees private info, company's financial documents and etc. In case of not making payment will be also published. More than 300GB of private information has been downloaded from your servers. Including financial data of your company, personal data of your employees and their family members, company agreements, and most importantly, PERSONAL data of patients with their SSN, DOB, addresses and diagnoses of diseases.

Support: Overall price is $15,000,000. For this price you will get everything mentioned above. Please pass this information on to your management. In the future, we are ready to communicate only with the representative who can make such decisions. We are ready to provide you with a small set of files from different servers of your company. You can download here [REDACTED URL]

Support: We have studied your company and your services, as well as your financial situation and the price taken by us not at random, but calculated in relation to your turnover and potential losses of the company.

Support: Once again, we ask you to pass this information on to your management. We are also aware that you have insurance against these cases. If your management does not contact us within 3 days, we will begin to publish your private data.

Support: You will have incur losses much bigger than we ask, because of government fines and lawsuits from your clients and patients. Do you have insurance for lawsuits costs? However, you have a chance to save millions of dollars. We are ready to listen to your proposal and, if it is acceptable, then think about it.

Support: We've already sent you proofs. Private data (like SSN, DOB) of your staff, data of clients, their diagnoses and your top-management data are not enough? We perfectly understand, that you are following the tutorial, no offence by that. Staff data doesn't worth anything for you? But if we will just say for a moment, that there is an announcement on our news site (and the rest of the cartel news sites), that your company had lost private data of your customers,patient ... US part of the revenue will go to zero, just as number of possible new contracts. We've already done such things before, and our "customers" were forced to face the grim consequences. We think, that there is no point in efforts to display more proofs. Situation is perfectly clear and we're already in the middle of negotiations. Of course, we just want to make money, and not to destroy business of our clients. We hope, that your board have enough commerce sense to make right choices.

Support: How can we start negotiating a price if you do not offer a specific amount? We do not divide the price by the cost of the downloaded information, the cost of the decryptor. We have examined your insurance, your bank statements and other financial documents and we estimate it at this amount.

Support: Are you serious that you don't have insurance? What is it then [REDACTED URL] Invite a person to chat who really solves such issues. We are not ready to negotiate with an incompetent person.

Support: Of course, the price is high, but it is much, much more cheaper, than pay to all the lawsuits, that your clients will send to you, because you have lost so much of their data. Companies of your size can lost tens of millions in such cases. [REDACTED URL] this is one of the examples.

Support: We will provide the decrypt tool to you as soon as we receive payment. It uses very easy. Also we could decrypt several files more as samples.

Support: We have not yet heard from you an adequate price. The longer you drag out, the more you incur losses. We have a lot of experience in this area and we are perfectly aware of how much a company like you can pay. Let's not waste time and move on to specific steps. We are waiting for an adequate offer from you.

Support: Good morning, please transfer these files to Albert Maury and Ann Mary Pardo [REDACTED URL]

Support: Ok we will keep all in secret while you are negotiating with us.

Support: Thank you for your offer. But unfortunately we must reject it. We have studied your bank statements and you have sufficient funds in your accounts to find the required amount. We are ready to meet you and reduce the price to $12,500,000.

Support: As I told you before you offer ($1,200,000) is unacceptable. We appreciate your desire to resolve this situation quickly and are waiting for your specific proposals?

Support: I think you are being disingenuous when you say that there is no money. We've seen your bank statements. At the same time, the insurance company will fully reimburse you for losses from the incident. We reviewed the insurance and consulted with experts. If you want to get more discounts, give more worthwhile arguments. We are waiting for an adequate offer.

Support: So you want to reach an agreement and get the desired result? Or will we just exchange unnecessary remarks? We are waiting for a new price offer from you.

Support: Amount of money we want is just a small piece of your possible losses including but not limiting direct expenses such as payments for data recovery, dramatic cash flow drop, legal & government fines, attorneys & lawyers interests, but also reputation impact resulting in long-term customer abandonment.

Support: We are ready to take one more step towards you and make a discount of $ 2,500,000. Your price now is $10M

Support: You are cunning again. You won't bear any legal and government fines if we reach an agreement. We have already gave you a huge discount. And now we are waiting for your offer. You can go to your leadership and tell him that the price now is $10M.We have great experience.And we know what losses you will incur if your private information is published.

Support: Good morning. Why are you asking questions that have already been answered? The full file tree will be provided to you only after payment. Unfortunately, we already had a sad experience when we gave a complete list of downloaded data before paying. In our opinion, we have provided you with a fairly complete picture that we have ALL sensitive information that was stored on your file servers, SQL databases, as well as in your medical programs. If you want to take the risk and not negotiate with us, then this is your right. But trust our experience that in this case your expenses will far exceed the cost of $ 10 million.

Support: If you think that your personal data is cheaper, offer a price. $1,200,000 is unacceptable.

Support: Also you can see a full file tree for free when we will published it on our cartel's news site.

Support: It's up to you. If your leadership wants to destroy the business for $1.2m it his choice.

Support: According to your financial reports your situation is much better than you say. As a group with an estimated yearly revenue ~$0.5billion you have enough money to pay us. We are giving you one more discount and the price now is $8,000,000

Support: SQL databases are very large. To download them, we compressed them. All your data is archived on servers. You are not the only company with which we are negotiating and we have neither time nor free disk space to unzip the data of each locked client.

Support: We can unzip all your downloaded databases, analyze information from them and provide you with data. But it will take a long time and most importantly, we will return to the original price. I don't think it will suit you.

Support: We don't think, that our estimates are incorrect. Your financial reports are somewhat more reliable, than your word here and now. And your proposal here is just from the textbooks - five times less, than our initial demand. It seems, that you do not understand, how works our group. We don't ask $150 millions, to receive our demand of $15 millions. So you should understand, that our team have plenty of projects running, and yours - just one from many. If we don't reach an agreement, we'll just shorten our profit. And on other hand, you would be ruined. We have already gave you a HUGE discount. We'll wait for your serious proposal.

Support: Of course, we understand, that your work here is not easy and requires efforts to convince your board members. But we are still far from agreement. Our estimates are still much higher, than your proposal. We hope, that you will give us better price. And since it is our mutual interest to speed up our negotiations as much, as we can - take more serious steps toward us. It would be much easier than for us to make steps to you in response.

Support: Not today. As I told you before we need to unzip the archives.

Support: If you can wait we will try to speed up the process. But I really don't know how long does it takes us.

Support: My tech just told me that it could take us up to 3 days.

Support: Here some proof for the board [REDACTED URL]

Support: More coming... But I think above archive is enough to make a right decision. Am I correct?

Support: We are now sure that you are just trying to drag out time. Before that, you said that our decryptors are losing value every day. Now you say that you are ready to wait for some files for 3 days. You are a bad poker player and a bad negotiator. We will, of course, provide you with another randomly selected SQL base,just to confirm that we are not bluffing you (it takes some time). We suggest that you have to decide whether you give us a serious proposal now or we begin to publish your data and notify your patients, clients, etc.

Support: Good morning. As I promised earlier I will send you one SQL base from server [internal IP address] . It's still preparing. But I won't give you any more files. If we do not come to an agreement, then you will see all your databases for free on the cartel's news servers. There will be many surprises for you.

Support: Download: [REDACTED URL] Delete: [REDACTED URL]&q=[redacted] passwod - [redacted]

Support: [REDACTED URL]

Support: So we are waiting for final offer from you and will decide with our team what to do. $1,700,000 is not acceptable anyway.

Support: Thanks.

Support: Good morning. We've discussed your proposal with team, and we are ready to make another discount. Your price is now $6'250'000. Of course, we are ready to move on further, depending on your offers. Time is crucial here, so the more serious steps you will take in our direction, the faster we will get an agreement. We understand, that any downtime of your business is not in your interests, it is quite costly. Possible losses, however, are much more expensive. But in fact, your downtime is not in our interests too, I can assure you. We know, that you have insurance, reserves, and possibility of loans. Your overall reserve is quite better, than your proposal. Make better offer, and we will move on.

Support: So this is your final proposal?

Support: I will convey your decision to my management. If it is rejected, then we start publishing your data. You have an hour to change your mind.

Support: Regarding SQL, you already had worthless admins. And now they can't even attach a working file. I think this attack will be a good lesson for you and I will recommend the management not to conclude an agreement with you on the current terms.

Support: The management rejected your offer. But today is Friday the 13th and this is a bad date for making a decision. You have until Monday to submit a new price.

Support: No private information will be released until Monday. But we ask you not to abuse our favor to you anymore.

Support: Good morning. We are waiting for your decision.Thank you.

Support: We have just discussed your situation with the management, and we are ready to give you more time to find funds.

Support: Hello, As I already told you the database we sent you from SQL base from server [internal IP address] May be it wouldn't work cause you need to decrypt other SQL files from this server.

Support: Nope cause all files are zipped. Why are you asking this question again? Your admins don't know what files they have on server [internal IP address]?

Support: This is not what we agreed on. We gave you time to search for funds and not to fish out new information from us. We are waiting for a new proposal from you and we will give you a few more files.

Support: [REDACTED URL] Is this critical data for the board?

Support: The longer we study your files, the more important information we find in them. Credit card information will be one of the most expensive in the event of a defect.

Support: We are ready to listen to your proposal and after it we will give you more files. Time is running out please don't delay. We have to close the deal this week.

Support: How long will it take? Let's arrange deadlines.

Support: As I told you before we will share more files with you after your proposal. Sorry my management told me not to make any exceptions. We already told you that we found a lot of credit card with cardholders info.

Support: Tell the board we have credit card details. They are not hundreds, but tens of thousands.

Support: Sorry my management told me not to make any exceptions.

Support: Good morning. Thank you for an update. Please keep us updating on each step from your board. We have to be sure that you are in touch and willing to close the deal.

Support: Hmmm. I'll need to check it with my management.

Support: My management has consulted and gives you a reprieve until Monday until 2-00 pm

Support: Have a good weekend also.

Support: Ok

Support: Considering the steps you are taking, we are ready to make you a very good offer only if you quickly enter the deal. New price for you $ 5.000.000

Support: How much time do you need?

Support: Let's define the amount of the deal. We are ready to divide this amount into 2 payments. For example, you pay $2,800,000 this week and receive decryptors. Pay the rest in 2 weeks and get the rest. Unfortunately, we do not have time to wait for you endlessly.

Support: We understand that your board is more puzzled by its holidays than by this problem. In our opinion, if people want to solve a problem quickly and not against the interests of other people, then they gather and make efforts for this.Of course, we will give you time until Monday only because we do not want ordinary employees and patients of your company to suffer from the leakage of their personal data. We also ask you to transfer to the board so that they speed up and do not delay solutions to this situation.

Support: Thanks for an update. We can give you a good discount again if you are ready to make a deal on the price today.We are ready to divide the amount into 2 payments.

Support: May be you can take an advice here... If you are serious about coming to an agreement, you should say something like... "Well, we don't have money now, but we can 100% find (for example) $4'800'000 in one week". And we can then figure something out from that position (and wait for you to get things done for all that week). But if you are going to offer us $3'000'000 on Monday, that will be viewed as an insult. We are trying to get to an strategic agreement here, and not approving +$200'000 every day, what is a waste of time really. We are business people, after all, and we prefer to think, that you are business people too. We know, that you will receive compensation for any financial losses from your insurance. So the question is not in that point, that you can't afford to pay us $5'000'000, but in point, that you don't have enough funds *right now*. I think, we should talk about that.

Support: Good morning. So you are not going to give us any offer now?

Support: [REDACTED URL]

Support: Good morning. We still did not get any offer from you. If we don't hear it today, we will start publishing your private data.

Support: After the payment you will get decryptor to all your systems, full file tree of downloaded data, non-recoverable deletion with proof log and security report on how you were hacked.

Support: Ok we will wait. But please don't delay anymore.

Support: We are trying to get to an strategic agreement here, and not approving +$200,000-$300,000 every time, what is a waste of time really. We are business people, after all, and we prefer to think, that you are business people too. We know, that you will receive compensation for any financial losses from your insurance. So the question is not in that point, that you can't afford to pay us $5'000'000, but in point, that you don't have enough funds *right now*. I think, we should talk about that.Please give us your final proposal and we will decide to accept it or not. As I told you before we can split the amount into 2-3 parts. But we need to make a STRATEGIC agreement on the amount.Please decide and don't delay. Time is over.

Support: You are not our first target who has insurance against such cases. And we know how much, what and how the insurance payments are spent. We are ready to give you the last discount. Our conditions are as follows. You pay us $3.1M and we give you decryptor tool. Until December 30th, you pay another $1M and we give you file tree of downloaded data, non-recoverable deletion with proof log and security report on how you were hacked. We guarantee you that no data will be released until December 30th.

Support: Please update us with your decision.

Support: Our final price for you is $4,100,000. We expect your decision no later than Friday 10-00AM EST. Until that time, we guarantee that nothing will be made public.

Support: Good day. Do you have a decision?

Support: Good morning. This is a serious approach to business.Y ou will get decryptor to all your systems, full file tree of downloaded data, non-recoverable deletion with proof log and security report on how you were hacked.

Support: Also we will give you our advice on how to make your network more secure.

Support: Our BTC wallet [redacted]

Support: How much can you transfer today as the seriousness of your intentions? It's just that all the deadlines for your company have come out and my management requires this from me.

Support: I have to report something to the management today. What is your specific suggestion? When are you ready to pay?

Support: Ok. Please update us on Monday. I'll also tell you what time frame my leadership gives you.

Support: Good morning. Please update us with payment time frame.

Support: Please be more specific with exact day.

Support: What is the loan amount?

Support: Good morning. Our management asks you to explain why you are raising borrowed funds to pay off with us if you have enough own funds in your accounts?

Support:  [redacted] 10 15 2020.xlsx [ 375kB ]

Support: My management wants to hear the answer today to the question: When will you transfer bitcoins to us?

Support: Thank you for an update. We always keep the terms of the contract. Your information will not be published or any other way disclosed.

Support: Good morning. Do I understand correctly? The bank transfers money to your account today. Tomorrow you transfer this amount to the broker and the broker will transfer it to us tomorrow?

Support: OK but if we do not receive the payment on Friday we will start publishing your private data. That's our final decision.

Support: Now we start to collect all patient's emails from data we have collected from your servers. All patients will be notified about the leakage of their personal data from your servers.

Support: We have trusted you for a long time and now time is playing against you.

Support: You have our BTC wallet [redacted].

Support: You are constantly pushing dates back. We have a strong opinion that you are just playing for time. If you really want to close the case, then you need to transfer any amount on Friday to our BTC wallet. Otherwise, we will be forced to start the procedure for publishing your data.

Support: Sorry, but we do not believe you that a company of your size does not have 200-300k on the account to make an advance payment as confirmation of your intentions. Sorry, but you had enough time to solve your problems with the bank.

Support: While you were solving your problems of finding money, we downloaded another 40GB of data with the diagnoses of your patients.

Support: One more question. How can the bank pay us directly?

Support: We cannot wait forever. Therefore, we have set time X for you. If your intentions are serious, you will find a small amount for us.

Support: If there is no money, then there is no agreement. I think when we start spreading your information it will spur you on and you will find money to save yourself from even larger losses. We consulted with lawyers and calculated that only the fines for the leakage of personal data will exceed the amount we ask for several times. I am not even mentioning what losses you will incur in the future because of a damaged business reputation. You have no more time. Please make a decision on which path you are going.

Support: We have voiced our position to you. If you do not name a specific date today, then publication cannot be avoided.

Support: You no longer need to write here that the bank is slowing down payment, etc. Specifically, you must give the date of payment. The games are over.

Support: Please confirm all conditions from your side for Tuesday the 15th.

Support: Our management is not happy with this answer. We need a specific date when you will pay and not an answer when maybe you will pay if .....

Support: As we understand, you do not want to resolve this issue peacefully. It's your right.

Support: Can you clarify to us. We have just examined your main bank account [redacted] at [redacted] bank. You simply can pay the broker today from that account. There is enough money.

Support: It seems to us that you are misleading us. What is the difference between the funds in the account now and those that will be credited tomorrow?

Support: There are a lot of inconsistencies. You yourself are already confused about what you wrote earlier in the chat. Make a decision. You pay or not. We don't intend to wait any longer.

Support: Remember how much cash you said is on your table?

Support: So you should understand, that our team have plenty of projects running, and yours - just one from many. If we don't reach an agreement, we'll just shorten our profit. And on other hand, you would be ruined. That is much more serious threat, than none making payment to us.

Support: Could you give some proof that the bank is slowing down the loan payment? Forward the emails from bank to [redacted]@outlook.com

Support: My leadership is going to a meeting now. In an hour, a final decision will be made on you.

Support: I have a final decision on [redacted]. The negotiations are over. You have 48 hour left to make a payment to our bitcoin wallet. Before transferring bitcoins, you need to confirm the wallet. The countdown went from 3:00PM EST. Our management has developed a special plan in case the funds are not received on time. And for you it really will be a "surprise".

Support: You must declare a personal data breach yourself or we will do it ourselves.

Support: More than 1 million personal data will be published soon.

Support: Parse the Internet and you will find a lot of interesting things about your company.

Support: Good morning. And why are we silent?

Support: Good day. Do not think that we have forgotten about you. Just busy at the end of the year with more important things. We have already agreed with partners to publish your patient's private data. Also next week we will send out a press release for companies involved in the field of computer security. But you still have time.......

Support: [REDACTED URL]

Support: ...this is just the beginning...

Support: Did everyone in [redacted] receive email from us toady?

Support: We gave you 3 days to respond. Tomorrow is the last day.

Support: Can you give us your valid email address? We are going to close this chat and we need to put you in a copy when we send out a press release about [redacted].

Support: [REDACTED URL]

Support: [REDACTED URL]

Support: We are going to post the log of this chat. Do you agree?

Support: updated [REDACTED URL]