// Context
About This Negotiation
This transcript documents a fog ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 27 messages exchanged over Unknown.
The initial ransom demand was $400,000. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[fog] — Friday, 17 May 2024 08:30:51 — Message 1/27
Do you need our help?
[Victim] — Thursday, 23 May 2024 03:55:28 — Message 2/27
We would like to know what you are looking for from us. Your note says you copied data so we would like to understand what data you took.
[fog] — Admin 11:10:55 — Message 3/27
[provides a compressed 7zp files list]
this is what we took
[fog] — Admin 11:57:37 — Message 4/27
We can decrypt your systems in a couple of hours for only $400,000. Just send us 3 random encrypted files to be sure - we'll decrypt them for free.
[Victim] — Admin 23:45:48 — Message 5/27
Okay, we are working on that for you. Can you confirm that list is all of the data that you took?
[fog] — Friday, 24 May 2024 08:37:03 — Message 6/27
Yes this is all we took
[Victim] — Friday, 24 May 2024 19:43:14 — Message 7/27
Thank you. We are working on the files but will probably not have an update until after the weekend
[fog] — Monday, 27 May 2024 07:57:09 — Message 8/27
Hello. Have you managed to review?
[Victim] — Monday, 27 May 2024 12:30:14 — Message 9/27
Sorry we are working through one last item and it's late here. We will respond by tomorrow.
[fog] — Monday, 27 May 2024 13:45:56 — Message 10/27
We need you to speed up.
[Victim] — Tuesday, 28 May 2024 03:25:26 — Message 11/27
Are you able to send us the following files from that list?
[Victim] — Tuesday, 28 May 2024 03:25:45 — Message 12/27
Directory of E:\[redacted 1st directory]
[Victim] — Tuesday, 28 May 2024 03:25:56 — Message 13/27
Directory of E:\[redacted 2nd directory]
[Victim] — Tuesday, 28 May 2024 03:26:02 — Message 14/27
Directory of E:\[redacted 3rd directory]
[fog] — Admin 07:38:02 — Message 15/27
[provides provides 3 files]
these are the files from the directories you that gave
[Victim] — Wednesday, 29 May 2024 00:23:06 — Message 16/27
For the first directory, are you able to provide us this file? [redacted]\[redacted].docx
[Victim] — Wednesday, 29 May 2024 00:23:28 — Message 17/27
It looks like the full file path was originally cutoff when we requested it
[fog] — Admin 07:00:33 — Message 18/27
[provides provides 1 more file]
[Victim] — Admin 14:39:49 — Message 19/27
h
[fog] — Admin 14:51:30 — Message 20/27
what?
[fog] — Admin 14:54:02 — Message 21/27
lets get closer to a resolution here. Are you ready to make a transaction and get all this resolved?
[Victim] — Thursday, 30 May 2024 05:26:24 — Message 22/27
We are going to have a bit more discussion today and over the weekend but should be in a good place to discuss more next week
[Victim] — Thursday, 30 May 2024 05:26:34 — Message 23/27
Does this work?
[fog] — Thursday, 30 May 2024 07:54:29 — Message 24/27
I will be waiting for numbers from you on Monday.
[fog] — Thursday, 30 May 2024 11:04:54 — Message 25/27
[REDACTED URL] use the id on the link to access a new chat to discuss the price and payment
[fog] — Thursday, 30 May 2024 11:05:19 — Message 26/27
I will be waiting for you there on Monday or earlier
[fog] — Thursday, 30 May 2024 11:05:30 — Message 27/27
tell me when you access the new chat