// Context
About This Negotiation
This transcript documents a Dragonforce ransomware negotiation with C42Cdf65B97D0E92.
The negotiation consisted of 30 messages exchanged over an unknown period.
The initial ransom demand was $1.8M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[C42Cdf65B97D0E92] — 2024-03-03T21:21:19.66197Z — Message 1/30
We found your note. What did you do to our systems?
[Dragonforce] — 2024-03-03T23:12:15.145191Z — Message 2/30
tree.7z filesize:895892
[Dragonforce] — 2024-03-03T23:12:42.332673Z — Message 3/30
List of files that we downloaded from your corporate network.
[Dragonforce] — 2024-03-03T23:15:30.775125Z — Message 4/30
At the first stage, you can select 1-3 files to ensure that we have them. At the second stage, you should check our decryption program. On the chat page, you will be able to get acquainted with our FAQ.
[Dragonforce] — 2024-03-03T23:17:20.910704Z — Message 5/30
In your server at 192.168.3.11, we used TrueCrypt. If you want to save your data, then don't touch the hard drive. And if we agree, you will have the opportunity to restore all the data.
[C42Cdf65B97D0E92] — 2024-03-04T14:23:30.693707Z — Message 6/30
Thank you for the tree. I will provide that to our leadership. While we are communicating with you, can you please remove our name from your blog?
[Dragonforce] — 2024-03-04T16:48:22.716208Z — Message 7/30
ok.
[C42Cdf65B97D0E92] — 2024-03-05T12:01:01.841829Z — Message 8/30
Leadership is reviewing the tree and will select the files to send you. What is this going to cost us?
[Dragonforce] — 2024-03-05T12:06:16.806154Z — Message 9/30
The price for decrypting and deleting your files from our servers is 60 BTC. If a quick payment is made, I will discuss with my colleagues a discount for your company.
[C42Cdf65B97D0E92] — 2024-03-06T12:09:19.05468Z — Message 10/30
Here are the files that leadership selected:
[C42Cdf65B97D0E92] — 2024-03-06T12:09:27.060268Z — Message 11/30
Service Centers are Closed Due to Bad Weather.doc
Walking Results 2005-3.doc
Q2 2023 ATA_ ECON_Webinar.pdf
ERY driving directions.xls
Buffalo Bid April 2015.xls
[Dragonforce] — 2024-03-06T12:40:39.268828Z — Message 12/30
ok, wait.
[Dragonforce] — 2024-03-06T13:06:06.701694Z — Message 13/30
files.7z filesize:1097058
[Dragonforce] — 2024-03-07T09:45:31.034369Z — Message 14/30
If you expect a good discount, then you should speed up your negotiations with us. Have you received the files?
[C42Cdf65B97D0E92] — 2024-03-07T13:14:06.771753Z — Message 15/30
We just received them. I will give them to leadership and we will be in touch shortly.
[Dragonforce] — 2024-03-07T13:15:35.382451Z — Message 16/30
Ok.
[C42Cdf65B97D0E92] — 2024-03-08T13:40:01.285308Z — Message 17/30
Are we able to test your tool?
[Dragonforce] — 2024-03-08T13:41:33.413591Z — Message 18/30
Yes, you do have the opportunity to do this.
[Dragonforce] — 2024-03-08T13:42:39.937086Z — Message 19/30
You are on the test decryption page (Stage 2), you can upload the file and it will be decrypted automatically.
[C42Cdf65B97D0E92] — 2024-03-08T19:16:20.422622Z — Message 20/30
Ok, thank you. Our MSP has left for the day and now that it is the weekend he will not return until Monday. Can we test it then, please? We know your time is valuable and we are not trying to waste it.
[Dragonforce] — 2024-03-08T19:34:30.841203Z — Message 21/30
We will extend the deadline, but please keep in mind that if we do not start more meaningful negotiations next week, we will not wait for you. See you on Monday.
[C42Cdf65B97D0E92] — 2024-03-11T12:53:12.749047Z — Message 22/30
For some reason, we are having an issue with testing the file on your free test on the other page. We will keep trying, but I have the files here as well: [REDACTED URL]
[Dragonforce] — 2024-03-11T12:53:48.507848Z — Message 23/30
Ok. Wait.
[Dragonforce] — 2024-03-11T13:19:39.08864Z — Message 24/30
[Redacted] Samples.7z filesize:1468
[Dragonforce] — 2024-03-12T13:04:34.394063Z — Message 25/30
Perhaps publishing on our excellent blog will expedite the negotiation process with you?
[C42Cdf65B97D0E92] — 2024-03-12T13:24:04.48202Z — Message 26/30
There is no need to publish anything. We have been experiencing network connectivity issues throughout and all information must be relayed to my leadership. This takes some time. I will be back in touch very soon.
[Dragonforce] — 2024-03-12T13:24:42.456459Z — Message 27/30
ok.
[C42Cdf65B97D0E92] — 2024-03-13T14:48:06.492867Z — Message 28/30
Our board requires 100% unanimous voting in order for us to move forward with you. We have one member who is not scheduled to return until Monday. We do want to come to a resolution with you. We know that your time is very valuable and we just want to show complete visibility and communication letting you know that we are trying on our end. Please do not release any of our data until after our board can meet.
[Dragonforce] — 2024-03-13T16:01:52.217105Z — Message 29/30
Agreed, we await Monday.
[C42Cdf65B97D0E92] — 2024-03-14T11:45:22.953916Z — Message 30/30
Thank you.