// Ransomware Negotiation Transcript
Conti Ransomware Negotiation — Redacted Organisation
// Context
About This Negotiation
This transcript documents a Conti ransomware negotiation with a redacted victim organisation. The exchange ran to 34 messages.
The initial ransom demand was $1.2M. The negotiation resulted in a confirmed payment.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
Hello, are you ready to negotiate?
Yes tell me how much I have to pay. We are ready to pay you for our data. I have some questions also. After payment will you provide support service? And where I have to pay?
We will provide all the relevant information the soonest possible.
Please provide your company name
Let me know if you need the decryption tool. The price will be based on this fact.
company name is [redacted] now help us fast please
please keep the price low it's a request
We will discuss and let you know within few minutes.
okay please stay online
Are you acting on behalf of [redacted] ?
Please provide us two files for the test decryption.
ok wait
desktop.ini.[redacted] [ 708B ]
ntuser.ini.[redacted] [ 554B ]
now help us fast please with your price and address. One question after payment in how much time we will get the decryptor??
Are you there?? We are waiting for your reply?? How long we have to wait for it?
we will provide the decrypted copies soon. Right now we are trying to figure out what of your resources were attacked, cause for now as we can see this particular strain of Conti was used in [redacted] network, so I ask you again, are you talking to us on their behalf?
As soon as the payment is made the decryption tool will be provided within 20-30 minutes.
Yes we are talking on behalf of them
Do you need the list of the data that was taken from their network?
The price for the decryption tool and the data for lounsburys.com is $1.25mil
if you can provide it will be good
Can you please provide some discount??
We can make 25% discount if the payment will be made within 24 hours.
desktop.ini [ 174B ]
I've processed the request for the file tree list and example data pack to the tech dept. Will upload as soon as they reply
Ok and where we have to pay??
ntuser.ini [ 20B ]
The btc wallet for the payment is : [redacted]
Can you please provide non-segwit address if you don't have any problem
Can we request one more thing please?? Amount is very huge.. can you accept the money into multiple addresses, if you don't have any problem. We will try to pay with diff-diff wallets. I hope you understand our situation. It's a humble request
Here's the list of addresses for the payment, all are non-segwit :
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
Let me know if you've received the addresses. I will have to go offline for a couple of hours but I will be able to get back to you later today.
ok we are talking to higher management with all the details and I will update you by EOD otherwise tomorrow. We will try to pay you by today if higher management approves everything
// Analysis
Analyst Observations
- The final settlement represented a 0% reduction from the initial demand — a moderate reduction.
- Conti was a major ransomware operation that effectively shut down in May 2022 after internal chat logs were leaked. Members dispersed to other groups including Royal, BlackBasta, and Karakurt.