Darkside Ransomware Negotiation — Redacted Organisation

Messages: 85
Duration: Unknown
Initial Demand: Unknown
Outcome: Unknown

About This Negotiation

This transcript documents a Darkside ransomware negotiation with a redacted victim organisation. The negotiation consisted of 85 messages exchanged over an unknown duration.

The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Darkside] — 106 days ago — Message 1/85
Are you ready for a dialog?
[Victim] — 106 days ago — Message 2/85
Ready. First, please stop the time left clock. We are working fast, but we are running into issues. Need a little more time.
[Victim] — 106 days ago — Message 3/85
Well?
[Darkside] — 106 days ago — Message 4/85
This time is enough to buy bitcoin or monero.
[Victim] — 106 days ago — Message 5/85
Not enough time to set up our account, send documents to exchange, go thru background check. Please change to 6 days
[Darkside] — 106 days ago — Message 6/85
You are asking for extra time but you are not offering anything. Contact a broker and they will buy you a cryptocurrency.
[Victim] — 106 days ago — Message 7/85
We are already in the process of creating our Exchange account. This is very small request. Will you please work with us so we can start a dialog?
[Darkside] — 106 days ago — Message 8/85
We are in the dialog, you could write us 1-2 days ago, but you didn't and now you are asking for an extra time. You need to work faster.
[Victim] — 106 days ago — Message 9/85
We did not know our tech went to this link. Only informed us this morning about the timer. I'm sorry we did not contact sooner
[Victim] — 106 days ago — Message 10/85
It will help discussions with the management team if I can show them you are allowing 2 days more. Right now it is just fear
[Victim] — 106 days ago — Message 11/85
Are you just going to ignore us? I'm here so we can talk.
[Darkside] — 106 days ago — Message 12/85
Our other clients can pay in this time, if you want - you can not pay, we need publications for the blog.
[Darkside] — 106 days ago — Message 13/85
Your data leak will be a good reason for other companies to pay us.
[Victim] — 106 days ago — Message 14/85
Maybe other companies have more liquidity or investors to use. We do not - so please let's work together.
[Darkside] — 106 days ago — Message 15/85
We have reviewed your accounting, your liquidity allows to pay us that amount.
[Victim] — 106 days ago — Message 16/85
Approvals to release those funds take time, and we did not know timer had started until today.
[Darkside] — 106 days ago — Message 17/85
You haven't offered a single serious proposal. To discuss additional time you need to offer us a deal.
[Victim] — 106 days ago — Message 18/85
I don't have authority to offer a deal without getting written authorization from the board and the company president. As I said, they are asking me if you are a reasonable business group, and so far I do not know what to tell them.
[Darkside] — 106 days ago — Message 19/85
We can only discuss additional time when you have an offer. If we give you extra time, we will have to stand by our word. It would be wrong to give you extra time and not to discuss the amount of the deal.
[Darkside] — 106 days ago — Message 20/85
If we do not agree on a price, you will not need additional time.
[Victim] — 106 days ago — Message 21/85
So if I understand, you are willing to discuss price negotiation?
[Darkside] — 106 days ago — Message 22/85
The price for your company is not overpriced, so we cannot provide big discounts.
[Darkside] — 106 days ago — Message 23/85
If you pay within 24 hours, we will give you a discount.
[Victim] — 106 days ago — Message 24/85
I see. I will share this with my team and write back.
[Darkside] — 106 days ago — Message 25/85
ok
[Victim] — 105 days ago — Message 26/85
Just uploaded a file for free decrypt test. Please confirm [redacted] 392 B
[Darkside] — 105 days ago — Message 27/85
File [redacted] 262 B
[Darkside] — 105 days ago — Message 28/85
This Index search file so you need rename it
[Victim] — 105 days ago — Message 29/85
I understand - thanks.
[Victim] — 105 days ago — Message 30/85
Hi
[Victim] — 105 days ago — Message 31/85
Are you there?
[Darkside] — 105 days ago — Message 32/85
Yes.
[Victim] — 105 days ago — Message 33/85
Hey I am getting error while doing payment on your bitcoin address, is your bitcoin address correct?
[Darkside] — 105 days ago — Message 34/85
Which error do you get?
[Victim] — 105 days ago — Message 35/85
"Transaction Server Response" Failed
[Darkside] — 105 days ago — Message 36/85
Where do you get this error?
[Victim] — 105 days ago — Message 37/85
while doing payment
[Darkside] — 105 days ago — Message 38/85
This is Bech32 address ([REDACTED URL]). Maybe you have an old wallet that does not support such addresses. You can transfer money to a new wallet that supports bech32 addresses and send it from there.
[Victim] — 105 days ago — Message 39/85
I am using new one I also read it online I double check that part already might be your address is new and it's empty there is no balance and because of that I am getting the error
[Victim] — 105 days ago — Message 40/85
sddsd
[Victim] — 105 days ago — Message 41/85
dsdsds [redacted] 2.61 kB
[Victim] — 105 days ago — Message 42/85
mkkm bin.exe 98 kB
[Victim] — 105 days ago — Message 43/85
d bin.exe 98 kB
[Darkside] — 105 days ago — Message 44/85
What is this?
[Victim] — 105 days ago — Message 45/85
d bin.exe 98 kB
[Victim] — 105 days ago — Message 46/85
d bin.exe 98 kB
[Victim] — 105 days ago — Message 47/85
it's you sucking dick
[Victim] — 105 days ago — Message 48/85
sorry for this
[Victim] — 105 days ago — Message 49/85
someone else is using this thing
[Victim] — 105 days ago — Message 50/85
someone else is pasting the items here
[Victim] — 105 days ago — Message 51/85
can you please help me fast with that problem
[Victim] — 105 days ago — Message 52/85
can you please send me different old btc address or add some balance. So that I will reattempt to transfer the funds again
[Victim] — 105 days ago — Message 53/85
I am waiting for your reply or can we chat on your email if you don't have any problem?
[Victim] — 105 days ago — Message 54/85
:DD
[Victim] — 105 days ago — Message 55/85
c=====================3
[Victim] — 105 days ago — Message 56/85
suck
[Victim] — 105 days ago — Message 57/85
whoever else is typing and sending this nonsense please stop
[Victim] — 105 days ago — Message 58/85
our system is corrupted and we are paying to this person and need help so please don't disturb us
[Victim] — 105 days ago — Message 59/85
don't pay them money
[Victim] — 105 days ago — Message 60/85
we have to pay our system is corrupted and need to restart our work
[Victim] — 105 days ago — Message 61/85
Hey man are you there???? please reply us fast or send your email we will communicate there..
[Victim] — 105 days ago — Message 62/85
ok but you are making a big mistake
[Darkside] — 105 days ago — Message 63/85
We will provide a wallet here in the chat soon.
[Victim] — 105 days ago — Message 64/85
ok please do it fast
[Victim] — 105 days ago — Message 65/85
it's our problem, it's our money, it's our decision to pay them, it's a humble request don't advice us.
[Darkside] — 105 days ago — Message 66/85
[redacted]
[Victim] — 105 days ago — Message 67/85
Man, still I am getting the same error and it's empty [REDACTED URL]
[Darkside] — 105 days ago — Message 68/85
For further communication, you need to provide your official mail, where we will send another key.
[Victim] — 105 days ago — Message 69/85
we can't share our official mail.. we will create mail id on protonmail and share with you that id
[Victim] — 105 days ago — Message 70/85
is it ok with you?
[Darkside] — 105 days ago — Message 71/85
No, provide us your official mail.
[Victim] — 105 days ago — Message 72/85
we can't provide that official id on this chat
[Victim] — 105 days ago — Message 73/85
why man you are wasting our time in further communication.. we are paying you
[Victim] — 105 days ago — Message 74/85
kindly understand our problem & our privacy also. it's a earnest request
[Victim] — 105 days ago — Message 75/85
can you please provide me different cryptoaddress
[Victim] — 105 days ago — Message 76/85
I will reattempt to transfer the funds again
[Victim] — 105 days ago — Message 77/85
one more request can you please delete this whole chat conversation, if you have option to delete it
[Darkside] — 105 days ago — Message 78/85
We see 4 parallel sessions on your page. Until you confirm that you are a representative of the company, further messages will be ignored.
[Victim] — 105 days ago — Message 79/85
ohh man can you please delete all those sessions
[Victim] — 105 days ago — Message 80/85
or block rest of the session please
[Victim] — 105 days ago — Message 81/85
Are you there ??? please reply man we are waiting for you.. still we are getting the error
[Victim] — 105 days ago — Message 82/85
Sir - this is the representative you spoke to earlier this week. This chat is compromised. Please do not respond further. Contact me here, and provide secure URL to continue: tgpx339@protonmail.com
[Darkside] — 105 days ago — Message 83/85
For the safety of your data during verification, write to us at 2dsfr.minotpi@protonmail.com After we make sure that it is you, you will be given a new chat link. All next messages in this chat will be ignored.
[Victim] — 89 days ago — Message 84/85
i need my files
[Victim] — 57 days ago — Message 85/85
test
