// Context
About This Negotiation
This transcript documents a Hive ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 46 messages exchanged over Unknown.
The initial ransom demand was $3.5M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Hive] — 2021-10-26 13:36 — Message 1/46
Hello and welcome to Hive.
How may I help you?
[Victim] — 2021-10-26 13:38 — Message 2/46
we have some files crypted and we want to decrypt them
[Victim] — 2021-10-26 14:20 — Message 3/46
anybody there?
[Hive] — 2021-10-26 17:15 — Message 4/46
To decrypt your files you have to pay $3,500,000 in Bitcoin. The price is not a subject to discuss.
[Victim] — 2021-10-26 18:03 — Message 5/46
sorry, are we talking about 3,5K or 3,5M $
[Victim] — 2021-10-26 18:04 — Message 6/46
in the first case, how should we do the payment and when will we be able to decrypt files?
[Hive] — 2021-10-26 18:06 — Message 7/46
It's clearly the price is $3.5M
[Hive] — 2021-10-26 18:07 — Message 8/46
We also have exfiltrated files which will be disclosed in case of refusing to pay.
[Hive] — 2021-10-27 18:38 — Message 9/46
To convince you to pay we can make calls to your partners to notify them about the incident.
[Victim] — 2021-10-27 18:46 — Message 10/46
No need for it. We've been checking with Finance your figures and despite willing to pay, we cannot afford the requested amount. We are a roughly over 77M $ yearly revenue company as you can check at official business directory ([REDACTED URL] That amount is far away from our ability to comply with your demands.
[Hive] — 2021-10-27 19:11 — Message 11/46
The price is not a subject to discuss.
[Hive] — 2021-10-27 19:16 — Message 12/46
We performed files analysis. The impact of disclosure and undecryptable files will cost you few times more then $3.5M.
To prove that we have exfiltrated files I give you a sample archive.
[REDACTED URL]
[Victim] — 2021-10-27 19:17 — Message 13/46
I'm not trying to negotiate. It's just you are considering we are about 500% bigger than we are. It's just a matter of being realistic.
[Hive] — 2021-10-27 19:18 — Message 14/46
I'll fix the number at the company's profile but it will not change anything.
[Hive] — 2021-11-01 11:15 — Message 15/46
We will not wait forever. You have to decide.
[Hive] — 2021-11-02 14:40 — Message 16/46
Let me explain to you something.
There is no other way to decrypt files other then to purchase the decryption software. The attempts to use something different then original software MAY cause irreversible damage. Your files will be unable to decrypt!
[Victim] — 2021-11-04 11:22 — Message 17/46
We perfectly understand you but, as told before, we have a significantly lower size than you have considered. Your demands are far from feasible for us (no such cash available).
As I told you, we are not trying to negotiate but if we want to reach something feasible for both parties, we need to get close to realistic capabilities.
Are you open to discuss?
[Hive] — 2021-11-04 20:02 — Message 18/46
I offer you $2,500,000 and it's valid until the end of the weekend.
[Victim] — 2021-11-05 14:35 — Message 19/46
Still high, but anyway I'll pass your offer to management. Anyway, is there any proof of trust that the decryption software will fully solve the issue?
[Victim] — 2021-11-05 14:47 — Message 20/46
By the way, we don't have Bitcoin. How shall we proceed?
[Hive] — 2021-11-05 16:29 — Message 21/46
To prove the decryption software works you may upload few encrypted files and a key related to them. It usually locates at C:\*.key.* or at root of a shared folder
[Hive] — 2021-11-05 16:35 — Message 22/46
You may purchase Bitcoin here - [REDACTED URL]
Just create a new business account and make SEPA-payment.
After registration and SEPA-payment you should immediately contact to Kraken Support and raise the withdrawal limit to $2.5M per 1 BTC transaction.
[Victim] — 2021-11-05 16:57 — Message 23/46
there are several files like this one
[Hive] — 2021-11-05 19:03 — Message 24/46
Yes, and then upload encrypted files which contain 4igKANBkvldLbBKaHpLIOSo-[redacted]*.[redacted]
[Victim] — 2021-11-05 20:51 — Message 25/46
OK OK, now I undertand
[Victim] — 2021-11-05 21:00 — Message 26/46
I will upload a single folder with different file types. Is it OK?
[Victim] — 2021-11-05 21:02 — Message 27/46
my colleagues are warning me about some sort of verifications asked by Kraken registration. I will be updating status.
[Hive] — 2021-11-05 21:03 — Message 28/46
Upload few encrypted files with a key. You don't have to upload full folder.
[Victim] — 2021-11-05 21:29 — Message 29/46
there you go
[Hive] — 2021-11-05 21:35 — Message 30/46
I have uploaded one file and others, I see they contain important info. I can mask some data in it^
Passphrase : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Vault : Serverdom
Machine : SERVERDOM
[Hive] — 2021-11-05 21:38 — Message 31/46
Name Type Data Timestamp
_msdcs
_sites
_tcp
_udp
DomainDnsZones
ForestDnsZones
(same as parent folder) Host (A) 192.168.YYY.XXX 03/07/2019 19:00:00
(same as parent folder) Host (A) 192.168.YYY.XXX 01/09/2019 16:00:00
[redacted] Host (A) 192.168.YYY.XXX 20/06/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 25/08/2019 12:00:00
[redacted] Host (A) 192.168.YYY.XXX 25/06/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 25/06/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 25/06/2019 12:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 13/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 10:00:00
Backups Host (A) 192.168.YYY.XXX static
Backups2 Host (A) 192.168.YYY.XXX 29/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 12/08/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 12/08/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/08/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 30/08/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 30/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 18/06/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 31/08/2019 19:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 29/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 0:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 31/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 23/08/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX static
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 0:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 22/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 29/08/2019 3:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/09/2019 3:00:00
Gestion Host (A) 192.168.YYY.XXX 28/08/2019 8:00:00
[redacted] Host (A) 10.0.0.11 static
[redacted] Host (A) 10.0.0.12 static
[redacted] Host (A) 10.0.0.13 static
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 23/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
LAPTOP-[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 13:00:00
LAPTOP-[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 3:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX static
[redacted] Host (A) 192.168.YYY.XXX static
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 16:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 19:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 17:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 30/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 07/09/2019 22:00:00
[redacted] Host (A) 192.168.YYY.XXX 13/08/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/08/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/07/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 24/07/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 17:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/08/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 07/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 16/07/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 16/07/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 07/09/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 24/07/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/07/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 17/07/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 22/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 29/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 17:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 31/08/2019 10:00:00
[redacted]SRV Host (A) 192.168.YYY.XXX 31/08/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 30/08/2019 16:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 20:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 0:00:00
[redacted] Host (A) 192.168.YYY.XXX 29/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 31/08/2019 22:00:00
[redacted]SRV Host (A) 192.168.YYY.XXX 08/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/08/2019 14:00:00
NAS-2 Host (A) 192.168.YYY.XXX static
[redacted] Host (A) 192.168.YYY.XXX 04/07/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 0:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 12:00:00
[redacted] Host (A) 192.168.YYY.XXX 27/08/2019 3:00:00
[redacted] Host (A) 192.168.YYY.XXX 30/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 12:00:00
[redacted] Host (A) 192.168.YYY.XXX 31/08/2019 2:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 11:00:00
PRESTA[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 19:00:00
[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 7:00:00
[redacted]-HP Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 12:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 30/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/09/2019 5:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 12:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
SERVER[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 13:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 31/08/2019 8:00:00
SERVER[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 11:00:00
serverdom Host (A) 192.168.YYY.XXX static
Server[redacted] Host (A) 192.168.YYY.XXX 25/08/2019 8:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 8:00:00
ServerEditorial Host (A) 192.168.YYY.XXX 05/09/2019 13:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 8:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
servergit Host (A) 192.168.YYY.XXX static
ServerHCM Host (A) 192.168.YYY.XXX 02/09/2019 8:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 11/08/2019 8:00:00
serverjava Host (A) 192.168.YYY.XXX static
SERVERMD Host (A) 192.168.YYY.XXX 08/09/2019 8:00:00
ServerMonPrint Host (A) 192.168.YYY.XXX 03/09/2019 8:00:00
serverpc Host (A) 192.168.YYY.XXX static
serverphp Host (A) 192.168.YYY.XXX static
serverrails Host (A) 192.168.YYY.XXX static
ServerRDP Host (A) 192.168.YYY.XXX 25/08/2019 8:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 25/08/2019 9:00:00
SERVERSAP Host (A) 192.168.YYY.XXX 03/09/2019 8:00:00
SERVER[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 11:00:00
SERVER[redacted] Host (A) 192.168.YYY.XXX 30/06/2019 6:00:00
Server[redacted] Host (A) 192.168.YYY.XXX 01/09/2019 8:00:00
SERV[redacted] Host (A) 192.168.YYY.XXX 28/08/2019 10:00:00
Servervpn Host (A) 192.168.YYY.XXX 25/08/2019 15:00:00
serverweb Host (A) 192.168.YYY.XXX static
ServerWebW1Apps Host (A) 192.168.YYY.XXX static
SERVERWSUS Host (A) 192.168.YYY.XXX 26/08/2019 8:00:00
Srv[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 8:00:00
SRV[redacted] Host (A) 192.168.YYY.XXX 07/09/2019 15:00:00
SRV[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 9:00:00
SRV[redacted] Host (A) 192.168.YYY.XXX 25/08/2019 15:00:00
SRV[redacted] Host (A) 192.168.YYY.XXX 26/08/2019 8:00:00
SRV[redacted] Host (A) 192.168.YYY.XXX 07/09/2019 11:00:00
srv[redacted] Host (A) 192.168.YYY.XXX static
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 11:00:00
[redacted] Host (A) 192.168.YYY.XXX 03/09/2019 8:00:00
[redacted] Host (A) 192.168.YYY.XXX 29/08/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 3:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 08/09/2019 22:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 04/09/2019 14:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 05/09/2019 15:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 02/09/2019 16:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 12:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 06/09/2019 13:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 9:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 10:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 7:00:00
[redacted] Host (A) 192.168.YYY.XXX 09/09/2019 7:00:00
[redacted]ADMIN01 Host (A) 192.168.YYY.XXX 21/06/2019 9:00:00
WIN-[redacted] IPv6 Host (AAAA) 2002:1400:0122:0000:0000:0000:1400:0122 static
(same as parent folder) Name Server (NS) serverdom02.[redacted].local. static
(same as parent folder) Name Server (NS) serverdom.[redacted].local. static
(same as parent folder) Start of Authority (SOA) [222783], serverdom.[redacted].local., hostmaster.[redacted].net. static
[Victim] — 2021-11-05 21:40 — Message 32/46
too much masking, isn'tit?
[Victim] — 2021-11-05 21:41 — Message 33/46
i cannot use them for checking validity
[Hive] — 2021-11-05 21:44 — Message 34/46
All you need is to see that I have decrypted it. There is nothing to validate more
[Victim] — 2021-11-05 21:44 — Message 35/46
I understand
[Victim] — 2021-11-05 21:45 — Message 36/46
well, I'll pass the outcome to management but it doesn't appear to be complete
[Victim] — 2021-11-05 21:45 — Message 37/46
I'll be back to you
[Victim] — 2021-11-05 21:46 — Message 38/46
those where config files
[Victim] — 2021-11-05 21:47 — Message 39/46
the more trivial info available
[Hive] — 2021-11-05 21:55 — Message 40/46
I will not to disclose you any sensitive files until payment will be made. Select other files if you still do not believe that the decryption software works.
[Victim] — 2021-11-05 22:02 — Message 41/46
no, it's OK. I'll give that to management and if they trust it I'll keep you posted
[Hive] — 2021-11-08 17:43 — Message 42/46
I need to hear an update from you today
[Victim] — 2021-11-14 18:52 — Message 43/46
guys, we finally give up with this shit
[Victim] — 2021-11-14 18:53 — Message 44/46
Kraken has blocked our registration and funds cannot be moved
[Victim] — 2021-11-14 18:53 — Message 45/46
it seems to be an impossible process
[Hive] — 2021-11-14 20:48 — Message 46/46
I'm sure this situation will be resolved