// Ransomware Negotiation Transcript
Darkside Ransomware Negotiation — Redacted Organisation
// Context
About This Negotiation
This transcript documents a Darkside ransomware negotiation with a redacted victim organisation. The negotiation consisted of 85 messages exchanged.
The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
Are you ready for a dialog?
Ready. First, please stop the time left clock. We are working fast, but we are running into issues. Need a little more time.
Well?
This time is enough to buy bitcoin or monero.
Not enough time to set up our account, send documents to exchange, go thru background check. Please change to 6 days
You are asking for extra time but you are not offering anything. Contact a broker and they will buy you a cryptocurrency.
We are already in the process of creating our Exchange account. This
is very small request. Will you please work with us so we can start a
dialog?
We are in the dialog, you could write us 1-2 days ago, but you
didn't and now you are asking for an extra time. You need to work
faster.
We did not know our tech went to this link. Only informed us this
morning about the timer. I'm sorry we did not contact sooner
It will help discussions with the management team if I can show them
you are allowing 2 days more. Right now it is just fear
Are you just going to ignore us? I'm here so we can talk.
Our other clients can pay in this time, if you want - you can not pay, we need publications for the blog.
Your data leak will be a good reason for other companies to pay us.
Maybe other companies have more liquidity or investors to use. We do not - so please let's work together.
We have reviewed your accounting, your liquidity allows to pay us that amount.
Approvals to release those funds take time, and we did not know timer had started until today.
You haven't offered a single serious proposal. To discuss additional time you need to offer us a deal.
I don't have authority to offer a deal without getting written
authorization from the board and the company president. As I said, they
are asking me if you are a reasonable business group, and so far I do
not know what to tell them.
We can only discuss additional time when you have an offer. If we
give you extra time, we will have to stand by our word. It would be
wrong to give you extra time and not to discuss the amount of the deal.
If we do not agree on a price, you will not need additional time.
So if I understand, you are willing to discuss price negotiation?
The price for your company is not overpriced, so we cannot provide big discounts.
If you pay within 24 hours, we will give you a discount.
I see. I will share this with my team and write back.
ok
Just uploaded a file for free decrypt test. Please confirm
[redacted]
392 B
File
[redacted]
262 B
This Index search file so you need rename it
I understand - thanks.
Hi
Are you there?
Yes.
Hey I am getting error while doing payment on your bitcoin address, is your bitcoin address correct?
Which error do you get?
"Transaction Server Response" Failed
Where do you get this error?
while doing payment
This is Bech32 address ([REDACTED URL] May be
you have an old wallet that does not support such addresses. You can
transfer money to a new wallet that supports bech32 addresses and send
it from there.
I am using new one I also read it online I double check that part
already might be your address is new and it's empty there is no balance
and because of that I am getting the error
sddsd
dsdsds
[redacted]
2.61 kB
mkkm
bin.exe
98 kB
d
bin.exe
98 kB
What is this?
d
bin.exe
98 kB
d
bin.exe
98 kB
it's you sucking dick
sorry for this
someone else is using this thing
someone else is pasting the items here
can you please help me fast with that problem
can you please send me different old btc address or add some balance. So that I will reattempt to transfer the funds again
I am waiting for your reply or can we chat on your email if you don't have any problem?
:DD
c=====================3
suck
whoever else is typing and sending this nonsense please stop
our system is corrupted and we are paying to this person and need help so please don't disturb us
don't pay them money
we have to pay our system is corrupted and need to restart our worrk
Hey man are you there???? please reply us fast or send your email we will communicate there..
ok but you are making a big mistake
We will provide a wallet here in the chat soon.
ok please do it fast
it's our problem, it's our money, it's our decision to pay them, it's a humble request don't advice us.
[redacted]
Man, still I am getting the same error and it's empty
[REDACTED URL]
For further communication, you need to provide your official mail, where we will send another key.
we can't share our official mail.. we will create mail id on protonmail and share with you that id
is it ok with you?
No, provide us your official mail.
we can't provide that official id on this chat
why man you are wasting our time in further communication.. we are paying you
kindly understand our problem & our privacy also. it's a earnest request
can you please provide me different cryptoaddress
I will reattempt to transfer the funds again
one more request can you please delete this whole chat conversation, if you have option to delete it
We see 4 parallel sessions on your page. Until you confirm that you
are a representative of the company, further messages will be ignored.
ohh man can you please delete all those sessions
or block rest of the session please
Are you there ??? please reply man we are waiting for you.. still we are getting the error
Sir - this is the representative you spoke to earlier this week.
This chat is compromised. Please do not respond further. Contact me
here, and provide secure URL to continue: tgpx339@protonmail.com
For the safety of your data during verification, write to us at 2dsfr.minotpi@protonmail.com
After we make sure that it is you, you will be given a new chat link.
All next messages in this chat will be ignored.
i need my files
test
// Analysis
Analyst Observations
- DarkSide is best known for the Colonial Pipeline attack in May 2021. The group shut down shortly after due to law enforcement pressure.