// Ransomware Negotiation Transcript

Dragonforce Ransomware Negotiation — 89716D29D2Cee36F

23Messages
UnknownDuration
UnknownInitial Demand
UnknownOutcome
// Context

About This Negotiation

This transcript documents a Dragonforce ransomware negotiation with 89716D29D2Cee36F. The negotiation consisted of 23 messages exchanged.

The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[89716D29D2Cee36F] — 2025-01-25T17:38:28.964451Z — Message 1/23
Hello, I am reaching out regarding our encryption issue
[89716D29D2Cee36F] — 2025-01-25T17:39:01.481152Z — Message 2/23
Need to know what the next steps are
[Dragonforce] — 2025-01-25T17:41:54.644682Z — Message 3/23
Hello, please wait, we are exploring your financial possibilities, and then we will tell you the amount to pay.
[Dragonforce] — 2025-01-25T18:45:12.332003Z — Message 4/23
NASltd_list_of_files.zip filesize:2496907
[Dragonforce] — 2025-01-25T18:46:03.774012Z — Message 5/23
is a list of files we stole from your network.
[Dragonforce] — 2025-01-25T18:52:31.028698Z — Message 6/23
For decrypting and deleting the stolen data, including a commitment that we will not post or announce your hack on our blog price 5 bitcoins. You can do a test decrypt (if you haven't already). You can also examine the files we stole, choose a few random files to make sure we are telling the truth, we will provide these random files to you.
[89716D29D2Cee36F] — 2025-01-25T18:54:37.738495Z — Message 7/23
The file list you sent when downloaded comes as attachment.htm not [redacted].zip. How can I get the zip file?
[Dragonforce] — 2025-01-25T18:59:52.753191Z — Message 8/23
[REDACTED URL]
[89716D29D2Cee36F] — 2025-01-25T19:06:47.211473Z — Message 9/23
Got the list but it only contains data from one of my servers. How about the other data?
[Dragonforce] — 2025-01-25T19:08:25.016840Z — Message 10/23
The rest of the data can be recovered. I sent the data that was stolen. Encrypted files can all be recovered.
[Dragonforce] — 2025-01-25T19:10:37.535688Z — Message 11/23
We provide a program that automatically decrypts the data on all servers.
[89716D29D2Cee36F] — 2025-01-25T19:10:48.284323Z — Message 12/23
OK
[89716D29D2Cee36F] — 2025-01-25T19:13:41.750406Z — Message 13/23
But I think there is a mistake in your price. Looks like 5 bitcoins is about 500K USD. I don't make that much in two years combined! Not to mention, I live in a place called Altadena in California where we had major fires and I lost my house with everything in it with no insurance. This would be impossible to pay!
[Dragonforce] — 2025-01-25T19:18:15.900193Z — Message 14/23
No there was no mistake. But we're open to talking. We can discount it to a reasonable amount. I think losing your reputation altogether would be worse.
[89716D29D2Cee36F] — 2025-01-25T19:33:35.937803Z — Message 15/23
I spoke to two of my friends who had the same problem and he said when they paid, the decryptor could not decrypt large files with several gigabytes. The small files like Word, Excel worked ok but they lost all of their large files. How can you guarantee that it will work?
[Dragonforce] — 2025-01-25T19:40:15.360764Z — Message 16/23
We're not newbies at this. We don't have the problems your friends had.
[Dragonforce] — 2025-01-25T19:40:27.400121Z — Message 17/23
We're risking our name here. DragonForce, we don't make mistakes like that.
[89716D29D2Cee36F] — 2025-01-25T19:42:17.437685Z — Message 18/23
Can you prove it? Can you send me a decryptor that can decrypt 1 large file to see if it will work?
[Dragonforce] — 2025-01-25T19:45:18.463878Z — Message 19/23
If your friends did have such instances, you can ask what faction they belonged to. It certainly wasn't us (DragonForce). No, of course not. We wouldn't do that. Large files are often the most key and important. It's stupid to do a test decryption on that. You should understand that. You did a test decryption - it worked. That's the first point that shows we're not cheating. The second point is that you can pick files from a list of 2-3 random files that we can give you! That all proves that we're serious and not cheating.
[89716D29D2Cee36F] — 2025-01-25T19:53:23.933808Z — Message 20/23
I also know that you would say anything to get paid and it's hard for me to believe anything you say. I also lost my house and everything I own two weeks ago. I don't have a lot of money since I have to rebuild my life again. I will have to think about what part of my life I need to fix first and how much the stuff you stole is worth to me if anything. I will get back to you once I think it over.
[Dragonforce] — 2025-01-25T19:55:04.465346Z — Message 21/23
It's not just about those files. It's about the company being perceived as untrustworthy and compromised. Think about it and come back. I'll see you later.
[89716D29D2Cee36F] — 2025-01-25T19:55:49.139384Z — Message 22/23
I will get back to you.
[Dragonforce] — 2025-01-25T19:56:27.594846Z — Message 23/23
Pay the ransom and don't mess with us, otherwise we'll just publish the files. You still have time.
// Analysis

Analyst Observations

  • This transcript documents a Dragonforce ransomware negotiation. The exchange provides insight into the group's negotiation tactics and communication style.
  • DragonForce threat actor profile — TTPs, ransom demands, and active campaigns.

Facing a Ransomware Demand?

Whether you choose to negotiate or refuse — having specialists in the room changes the outcome.

Contact Us Now Our Negotiations Service →