Conti Ransomware Negotiation — Redacted Organisation

Hi, we got a note to go to this website. Please help!

hello?

Hi, thank you for the message I will tell leadership.

Hello, I spoke with leadership and they told me that they can't afford that amount, and they are still trying to find bitcoin. They said they would pay $55,000 if you would take that, they have someone with that much bitcoin now.

I have no idea what that's supposed to mean. I'm just relaying what they can pay now. If you can't take that then say so and I'll tell them.

Ok I've let them know. Leadership would like to know what data you stole from us, can you show us proof?

Will you please stop with the sarcastic responses? I will be as blunt as you are, although more to the point: do you want to get paid? If so, then let's treat each other with respect and work a deal out. Otherwise you are wasting both of our time, this will go nowhere, and you can trust that I will let everyone know how unprofessional Conti is. This will have severe impact on your ability to be trusted, collect any future ransoms, etc. Maybe you don't care, but I promise it will be known if you continue to act in bad faith. I would like some evidence that you have our data, our leadership team and I think this is a reasonable request. Please respond with something useful to the conversation. Thanks.

Can you provide the password that we need to open the .7z files?

Thank you, we've reviewed the files. The leadership team has found another $10k to pay you, will you accept $65k for the decryptor and to destroy our files?

Hi, thank you for the response, I will let the leadership team know.

Hi, I relayed your message to our leadership. They responded that your offer is not realistic, there is no way for them to get that much money to pay you, that you should consider they are a small business and you should ask a small business size ransom. They may be able to get more money to pay you but nothing like what you are asking. It is just a fact. They ask if we could discuss something more realistic?

We do not have cybersecurity insurance, we are having to scrape together money that was budgeted for other projects. You've already hurt the business enough with the disruption, but to ask more for ransom means you hurt us a second time. Please consider that and let us pay you the $65k that we have available so we can all get back to normal.

We would like to purchase 1 computer. Using your math above, we can pay you 1/500 of $900,000 for each computer, which is $1,800. We will also pay $55,000 if you provide deletion and file tree. Can you sell us 1 computer unlocked? If this works maybe we buy more. Also you must provide evidence of deletion and file tree. This for $56,800.

Hi, we would appreciate you removing the deadline you just set. In our opinion, deadlines are a bad idea. We have nothing to negotiate with you until the deadline is removed. We simply want to be able to discuss options and think through the best course of action without the added stress of a countdown. We would appreciate the professional courtesy.

We have confirmed that all of our data has been restored. I can provide you with screenshots to prove this if you need me to. We don't need your decryptor. That said, we are interested in your promise not to disclose our data, and a deletion log, if you are still interested in selling. We offer $127,500 for your promise not to disclose and if you provide us with a file tree/deletion log. This is the maximum amount of cash that we can dedicate to this. We spent the last 4 days finding the extra cash. Awaiting your response.

Let me help you understand something: the only thing of value you possess is your promise not to disclose our data. If you "publish" "publication" or anything else related to this, you will get nothing.

That is why I suggested that you remove your deadline; it does neither you nor us any good. If you publish because of a self-inflicted "deadline", you will get nothing.

Now on to the price. Please stop trying to sell me the decryptor. Please let your boss know that we will pay $127,500 for your promise not to disclose/publish and proof of what you took and proof of the deletion of what you took. Standing by.

Also, it took 22 hours to get a response earlier. This is also another reason why a deadline is a bad idea. Please rescind the deadline so that we may reach an accord, otherwise this will end with zero payment if you disclose.

[redacted] Confidential Server.jpg [ 32kB ]

Proof of our data restored/systems operational:

[redacted] Desktop Screenshot.JPG [ 239kB ]

[redacted] Development Tools.jpg [ 202kB ]

[redacted] Domain Controller.JPG [ 70kB ]

[redacted] VM Console.JPG [ 75kB ]

How much for just deletion of the data? We just need that, your promise and proof that you deleted the data. Can we do business? $155k for that?

Hi, I understand you are trying to get the most money you can from this negotiation. Here's your dilemma: if you publish, you get nothing, and we only want your promised and proof that you destroyed everything. You are negotiating as if we are still trying to buy the decryptor so we can get our data back.

we already have our data back

We only want to buy your promise not to disclose the data you stole, and proof that you destroyed it. You've already threatened us with disclosing it. This is not "smart dialogues" I'm just stating facts here.

And the fact is we have very limited money and if you insist on asking us to pay you this much, or if you disclose or publish, you will get nothing. Can you please check with your higher ups (boss) and explain to them the situation, so that maybe they understand the value exchange we are proposing?

If we needed the decryptor, I could understand you continuing to ask for the massive amount you are asking for, but we don't need the decryptor. We just want your promise and proof you destroyed our data. How much is that worth to you? If we can't get to a number that is realistic and affordable to us, you will get nothing.

Also, we cannot pay until Tuesday when the banks open again (Monday is a holiday) IF we can settle on a price.

You threatened us with a deadline of the end of this week. I would appreciate you removing that deadline so that we can continue to discuss price. Again, if you publish, you get nothing. Standing by

Thank you for your willingness to work with us on price. As I mentioned, money is in short supply. I have been authorized to increase our offer to $175k with a promise to pay Tuesday for your promise and proof of deletion. Please understand we are not able to offer more and will have to pay you in at least two seperate payments (1 big 1 smaller). If this is ok, we can agree and will prepare everything for Tuesday.

Hi, your withdrawal of the price creates serious confidence and trust issues for our leadership. We offered all we could in a show of support for your new price, and then you withdrew it. We need you to offer serious prices only, continuing to dither on the price will result in nothing. Please reconsider.

You can characterize our offers in whatever way makes you happy, however you still hold nothing in your hand. If you want a productive conversation, let's start at $175k and see where it goes. We have to get approval to offer money to you, and that approval comes in small increments. It is just the nature of how our leadership operates. If you don't like it, sorry. You attacked us.

I will inform leadership

Our final super-offer is $250k, and we can begin payment today. Standing by.

Hi, I have informed leadership that you declined the super offer and of your new offer.

I will return with their response.

Hi. Leadership replied that if you can't meet us at our offer of $250k just for deletion, then give us the decryptor, destroy our data, and promise not to disclose the data for $300k.

Ok, I will inform leadership. We will give you files to prove you can decrypt prior to payment, if leadership agrees. We can pay $150k per day if leadership accepts.

Leadership agrees to $325,000. We will begin paying tomorrow, it will take until Tuesday to get it done completely.

We would like to get the file tree from you after partial payment tomorrow, we can get the rest from you after final payment, if you are ok with that.

If you need to wait until final payment for all items, just let us know, but the file tree will be useful now rather than at the end.

Please provide payment instructions and address

Hi, we are approaching the end of the day for us to be able to make payment today. We need the payment instructions

Hi, first payment sent ($150.000), next payment in 24hrs ($150.000), then final payment 24 hrs after that one ($25.000)

Hi, second payment sent ($150.000), next payment in 24 hrs ($25.000)

Can you acknowledge payment?

Thank you, next payment today

Last payment just sent 3/3, $25.000

Please provide file tree, deletion log, and decryptor once payment is confirmed.

Hi, we would like the File Tree and destruction log please.

Hi, still waiting on file tree and destruction log

Hi, we finished paying on Monday. It's Friday. Please provide file tree and destruction log

Hi, thank you for the file tree, can you please provide the deletion log?

Thank you. Now that we've paid the ransom amount, would you be willing to let us know how we were breached so that we can take necessary precautions in the future?