// Ransomware Negotiation Transcript

Dragonforce Ransomware Negotiation — D6Ddd9B26D7D41Db

14Messages
UnknownDuration
$360,000Initial Demand
PaidOutcome
// Context

About This Negotiation

This transcript documents a Dragonforce ransomware negotiation with D6Ddd9B26D7D41Db. The negotiation consisted of 14 messages exchanged.

The initial ransom demand was $360,000. The negotiation resulted in a confirmed payment.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[D6Ddd9B26D7D41Db] — 2025-04-10T21:20:45.774561Z — Message 1/14
We’ve found your note and messages, and we are here to discuss what we do now
[Dragonforce] — 2025-04-11T00:35:49.938260Z — Message 2/14
We got into your network and encrypted your files. We also took some of the files from your network. You can decrypt several of your files and check several files in our possession. After that, we will discuss payment for decrypting your files and deleting the data we received.
[Dragonforce] — 2025-04-11T00:35:57.555971Z — Message 3/14
tree.txt filesize:4700442
[Dragonforce] — 2025-04-11T00:36:27.750221Z — Message 4/14
Here is a list of your files
[D6Ddd9B26D7D41Db] — 2025-04-11T21:05:13.106683Z — Message 5/14
Is this listing all of the data you stole? How much is it total in size?
[Dragonforce] — 2025-04-11T21:07:50.211371Z — Message 6/14
More than 100 gigabytes, more than 50 thousand files.
[D6Ddd9B26D7D41Db] — 2025-04-14T22:05:27.140521Z — Message 7/14
We want these files from your list: Group\Clients\[Redacted].pdf Collateral Review\Template v2022-08\[Redacted].xlsm [Redacted].pdf
[Dragonforce] — 2025-04-14T22:19:19.606914Z — Message 8/14
[Redacted].pdf filesize:1125386
[Dragonforce] — 2025-04-14T22:19:28.998241Z — Message 9/14
[Redacted].xlsm filesize:947633
[Dragonforce] — 2025-04-14T22:19:38.570961Z — Message 10/14
[Redacted].pdf filesize:10588784
[Dragonforce] — 2025-04-17T21:52:57.374172Z — Message 11/14
You can see the countdown timer. When it reaches 0, the data will be published, and the decryption tool will be deleted. Some promise to recover the data after our encryption, but this is not possible. Trying to negotiate just before the countdown ends will not make the position strong. Keep this in mind and don't miss the time.
[D6Ddd9B26D7D41Db] — 2025-04-18T18:55:29.118725Z — Message 12/14
How are we supposed to negotiate anything or attempt to move forward here when you haven't even told us your price? What exactly is it you want from us?
[Dragonforce] — 2025-04-18T19:28:58.117337Z — Message 13/14
You saw the rules right away. Listing, test, price. The price is 12 BTC.
[Dragonforce] — 2025-04-22T21:41:50.776077Z — Message 14/14
In the absence of active negotiations, the data will be published in less than 48 hours.
// Analysis

Analyst Observations

  • The final settlement represented a 0% reduction from the initial demand — a moderate reduction.
  • DragonForce threat actor profile — TTPs, ransom demands, and active campaigns.

Facing a Ransomware Demand?

Whether you choose to negotiate or refuse — having specialists in the room changes the outcome.

Contact Us Now Our Negotiations Service →