// Context
About This Negotiation
This transcript documents a Conti ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 27 messages exchanged over Unknown.
The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — 12/17/2021, 2:18:29 AM — Message 1/27
Hi
I want to make sure if you can recovery my data
this is my id [redacted]
[Victim] — 12/17/2021, 2:37:14 AM — Message 2/27
How much data did you already have?
[Victim] — 12/17/2021, 3:12:11 AM — Message 3/27
hello
[Conti] — 12/17/2021, 3:19:38 AM — Message 4/27
hello
[Conti] — 12/17/2021, 3:21:06 AM — Message 5/27
before we start dialog send me name of your domain and random names of few servers
[Victim] — 12/17/2021, 3:24:44 AM — Message 6/27
My files encrypted with .[redacted] extension
and the name of server is [redacted]
[Conti] — 12/17/2021, 3:28:11 AM — Message 7/27
ok
[Victim] — 12/17/2021, 3:29:57 AM — Message 8/27
can you give some file from the server ?
[Victim] — 12/17/2021, 3:31:10 AM — Message 9/27
can I request name of file
[Conti] — 12/17/2021, 3:32:51 AM — Message 10/27
yes, i can do it, but later
about requesting the name you can try, but i' m not sure that it will be in our listing
[Victim] — 12/17/2021, 3:34:48 AM — Message 11/27
How long do I ave to wait for decrypted file ?
[Victim] — 12/17/2021, 3:36:02 AM — Message 12/27
Can I get ticket number so I can contact you later with my previous request
[Conti] — 12/17/2021, 3:37:23 AM — Message 13/27
what do you mean? after you pay you get decryption software
[Victim] — 12/17/2021, 3:37:45 AM — Message 14/27
I request two files name that mention below
[redacted] Assessment.docx
Template_OWASPv4_Checklist.xlsx
show me if you can recovery the file
[Conti] — 12/17/2021, 3:38:46 AM — Message 15/27
send me here encrypted files and i' ll do decrypt
[Victim] — 12/17/2021, 3:38:55 AM — Message 16/27
I' ve not pay decryption software yet, but You said give us free for two files
I just want to make sure if you can decrypt it
[Victim] — 12/17/2021, 3:39:15 AM — Message 17/27
Template_OWASPv4_Checklist.xlsx.[redacted] [ 408.02 KB ]
[Victim] — 12/17/2021, 3:40:20 AM — Message 18/27
not the files , just wait , I' ve problem with my connection
[Victim] — 12/17/2021, 3:41:13 AM — Message 19/27
I cannot upload others file
[Conti] — 12/17/2021, 3:42:53 AM — Message 20/27
maybe it' s big, try some smaller file
[Victim] — 12/17/2021, 3:43:28 AM — Message 21/27
it just 10MB
[Conti] — 12/17/2021, 3:44:56 AM — Message 22/27
it' s too big for this chat
[Victim] — 12/17/2021, 3:47:59 AM — Message 23/27
oh , okay just try to decrypt file that I upload before
[Conti] — 12/17/2021, 3:48:15 AM — Message 24/27
ok, wait
[Conti] — 12/17/2021, 8:50:29 AM — Message 25/27
Template_OWASPv4_Checklist.xlsx [ 407.50 KB ]
[Conti] — 12/17/2021, 7:53:17 PM — Message 26/27
you checked file?
[Conti] — 12/20/2021, 9:20:03 PM — Message 27/27
in 2 days i' ll start publish your data