Hive Ransomware Negotiation — Redacted Organisation

// Context

About This Negotiation

This transcript documents a Hive ransomware negotiation with a redacted victim organisation. The negotiation consisted of 4 messages exchanged over Unknown.

The initial ransom demand was $3.5M. The final outcome is not confirmed in the transcript.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.

[Hive] — 26 November 2021 16:25 — Message 1/4

Hello and welcome to Hive. How may I help you?

[Hive] — 29 November 2021 09:31 — Message 2/4

To decrypt your files you have to pay $3,500,000 in Bitcoin.

[Hive] — 29 November 2021 09:31 — Message 3/4

I have uploaded a list of exfiltrated files we have from your network.

[Hive] — 29 November 2021 12:36 — Message 4/4

If you will not to start communicating with us your company's profile will be disclosed, and then the rest of exfiltrated data

// Analysis

Analyst Observations

This was a brief exchange — either the victim responded quickly or disengaged early.
Hive ransomware was infiltrated and disrupted by the FBI in January 2023 in a major law enforcement operation that provided decryption keys to victims.

Hive Ransomware Negotiation — Redacted Organisation

About This Negotiation

Full Transcript — Verbatim

Analyst Observations

Facing a Ransomware Demand?