Conti Ransomware Negotiation — Redacted Organisation

Messages: 12
Duration: Unknown
Initial Demand: Unknown
Outcome: Unknown

About This Negotiation

This transcript documents a Conti ransomware negotiation with a redacted victim organisation. The negotiation consisted of 12 messages exchanged over an unknown duration.

The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Conti] — 2/19/2021, 11:59:49 AM — Message 1/12
Hello, are you ready to negotiate?
[Victim] — 2/22/2021, 8:16:33 AM — Message 2/12
Hi. We're still struggling here. How much data did you take from us?
[Conti] — 2/22/2021, 10:43:32 AM — Message 3/12
I will provide the data pack example later today.
[Conti] — 2/22/2021, 10:51:20 AM — Message 4/12
The whole amount of data is about 250gb
[Victim] — 2/22/2021, 2:42:43 PM — Message 5/12
All right. We'll be waiting for the data pack example.
[Conti] — 2/22/2021, 2:46:19 PM — Message 6/12
It is currently unpacking, but as soon as it's ready you will be provided with the file listing that will contain 30% of all the data and some files examples. You will be able to choose two random files from the listing and we will upload them as a proof.
[Victim] — 2/23/2021, 7:05:48 AM — Message 7/12
Ok
[Conti] — 2/23/2021, 9:44:07 AM — Message 8/12
30%listing.txt [ 3.8MB ]
[Conti] — 2/23/2021, 10:12:40 AM — Message 9/12
datapack.zip [ 480kB ]
[Conti] — 3/4/2021, 1:55:21 AM — Message 10/12
The preview of the press-release : [REDACTED URL]
[Conti] — 3/31/2021, 2:04:21 PM — Message 11/12
We have finally gathered all the necessary documents and files regarding your COMPANYs DATA. At the moment we are transmitting your information to our partners in MASS MEDIA SOURCES around the Europe. But you can still avoid your data being disclosed and finally stop it. You know what to do. You have been provided with the instructions already. Just to let you know - we dont care who PAYS for the DATA. Your company or our Partners. The only thing you should care is YOUR REPUTATION being at HIGH RISK at the moment. Once your data is transmitted in full - you wont be able to abort this operation. You will have to deal with consequences of your disregard.
[Conti] — 4/1/2021, 3:49:58 PM — Message 12/12
The payment amount is 1 500 000 $ and if you pay by tomorrow evening (European Time) lets arrange April 2nd by midnight - you will get extra discount of 30% - SO the total amount will be 1 050 000$ It is quite generous from our side. After successful transfer - we forget about this small incident and disappear with all data shredded !!!
