// Ransomware Negotiation Transcript

Conti Ransomware Negotiation — Redacted Organisation

10Messages
UnknownDuration
$720.00Initial Demand
PaidOutcome
// Context

About This Negotiation

This transcript documents a Conti ransomware negotiation with a redacted victim organisation. The negotiation consisted of 10 messages exchanged.

The initial ransom demand was $720.00. The negotiation resulted in a confirmed payment.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Victim] — 15/07/2021, 07:13:12 — Message 1/10
hello
[Conti] — 15/07/2021, 07:52:24 — Message 2/10
Hello, are you ready to negotiate?
[Conti] — 15/07/2021, 12:45:06 — Message 3/10
Upon conclusion of the agreement, our price includes 1) Universal decryptor for your network 2) Permanently delete all stolen information + logs of removing 3) Security advisories and report how we infiltrated your system
[Conti] — 15/07/2021, 12:45:16 — Message 4/10
You can choose any 2 files from the listing, we will discard them as proof that the files were really stolen You can also send 2 files for a free decrypt
[Conti] — 15/07/2021, 14:52:16 — Message 5/10
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website The recovery price is $720.000. If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge. If we reach mutual agreement your will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches. We strongly recommend to review our offer in a timely manner.
[Conti] — 15/07/2021, 18:28:39 — Message 6/10
We have over 1 million files stolen from your network Total weight over 400 gigabytes
[Conti] — 27/07/2021, 19:56:19 — Message 7/10
30perclist.txt [ 34kB ]
[Conti] — 27/07/2021, 19:57:13 — Message 8/10
[redacted]_data.7z [ 4.6MB ]
[Conti] — 29/07/2021, 13:27:29 — Message 9/10
we are ready to publish first data Silence will kill your business It is much more profitable to conclude an agreement with us
[Conti] — 20/09/2021, 08:15:42 — Message 10/10
You can still conclude an agreement with us.
// Analysis

Analyst Observations

  • The final settlement represented a 0% reduction from the initial demand — a moderate reduction.
  • Conti was a major ransomware operation that effectively shut down in May 2022 after internal chat logs were leaked. Members dispersed to other groups including Royal, BlackBasta, and Karakurt.

Facing a Ransomware Demand?

Whether you choose to negotiate or refuse — having specialists in the room changes the outcome.

Contact Us Now Our Negotiations Service →