// Context
About This Negotiation
This transcript documents a Conti ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 25 messages exchanged over Unknown.
The initial ransom demand was $350.00. The negotiation resulted in a confirmed payment.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Conti] — 08/07/2021, 10:05:57 — Message 1/25
Hello, are you ready to negotiate?
[Victim] — 09/07/2021, 14:07:06 — Message 2/25
Yes
[Victim] — 09/07/2021, 14:07:31 — Message 3/25
How much?
[Victim] — 09/07/2021, 14:08:33 — Message 4/25
c7.pdf.[redacted] [ 46kB ]
[Victim] — 09/07/2021, 14:08:49 — Message 5/25
I think no ones here
[Victim] — 09/07/2021, 14:09:19 — Message 6/25
Give me the price please?
[Conti] — 09/07/2021, 14:18:07 — Message 7/25
ok
please wait answer
[Conti] — 09/07/2021, 14:19:45 — Message 8/25
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website
The recovery price is $350.000. If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge.
If we reach mutual agreement your will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches.
We strongly recommend to review our offer in a timely manner.
[Conti] — 09/07/2021, 14:19:52 — Message 9/25
You can choose any 2 files from the listing, we will discard them as proof that the files were really stolen
You can also send 2 files for a free decrypt
[Conti] — 09/07/2021, 14:19:57 — Message 10/25
Upon conclusion of the agreement, our price includes
1) Universal decryptor for your network
2) Permanently delete all stolen information + logs of removing
3) Security advisories and report how we infiltrated your system
[Conti] — 09/07/2021, 14:20:59 — Message 11/25
30percentlisting.txt.txt [ 1.2MB ]
[Conti] — 09/07/2021, 14:24:57 — Message 12/25
datapack.zip [ 30MB ]
[Conti] — 09/07/2021, 14:33:01 — Message 13/25
How quickly do you want to conclude an agreement?
[Victim] — 09/07/2021, 14:34:29 — Message 14/25
350$, how many BTC?
[Conti] — 09/07/2021, 14:35:30 — Message 15/25
10.68 BTC
[Conti] — 09/07/2021, 14:48:18 — Message 16/25
How quickly do you want to conclude an agreement?
[Victim] — 09/07/2021, 14:54:33 — Message 17/25
1 month
[Victim] — 09/07/2021, 15:01:49 — Message 18/25
Discount please?
[Conti] — 09/07/2021, 15:17:21 — Message 19/25
I can talk to the boss about the 20% discount if you are willing to enter into an agreement within 72 hours
[Conti] — 09/07/2021, 19:21:16 — Message 20/25
c7.pdf [ 45kB ]
[Conti] — 12/07/2021, 08:46:14 — Message 21/25
The 20% discount was confirmed. So we are at the point of $280k
let me know when you're ready to pay and we will provide the btc wallet
[Conti] — 15/07/2021, 12:58:33 — Message 22/25
If we will not receive a reply from your side today we shall consider as you are not willing to continue the negotiations and start further actions against you.
[Conti] — 29/07/2021, 13:42:41 — Message 23/25
we are ready to publish first data
Silence will kill your business
It is much more profitable to conclude an agreement with us
[Conti] — 08/09/2021, 02:00:41 — Message 24/25
We have not entered into an agreement.
Let's discuss new conditions?
[Conti] — 28/09/2021, 21:11:26 — Message 25/25
Are you ready to continue the dialogue?