// Context
About This Negotiation
This transcript documents a Hive ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 24 messages exchanged over Unknown.
The initial ransom demand was $1.0M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Hive] — 20 December 2021 06:56 — Message 1/24
Hello and welcome to Hive.
How may I help you?
[Victim] — 21 December 2021 05:46 — Message 2/24
Really?
[Hive] — 21 December 2021 05:47 — Message 3/24
Hello. Please, introduce your company first.
[Victim] — 21 December 2021 06:05 — Message 4/24
No
Private individual
[Victim] — 21 December 2021 06:19 — Message 5/24
So how much are you trying to extort from me then?
[Victim] — 21 December 2021 09:14 — Message 6/24
Hi, I got a message on my computer
[Hive] — 21 December 2021 09:16 — Message 7/24
Hello. Please, introduce your company first.
[Victim] — 21 December 2021 09:18 — Message 8/24
I'm a user of [redacted-software-vendor] point of sale software, [redacted-victim] store
[Victim] — 21 December 2021 09:26 — Message 9/24
Can you help us with information?
[Hive] — 21 December 2021 09:27 — Message 10/24
Send us email from your corporate mail account to this address to verify it's you:
[redacted]_support@protonmail.com
[Hive] — 21 December 2021 09:32 — Message 11/24
Only the main company are able to purchase the decryption software. It cost's $1,000,000 in Bitcoin.
[Victim] — 21 December 2021 09:38 — Message 12/24
I sent the email, we don't have that kind of money. We a small liquor store in [redacted-location] and only use [redacted-software-vendor] software as a point of sale
[Hive] — 21 December 2021 09:43 — Message 13/24
Our target is a company that allowed a huge vulnerability in its system that led to a massive infection of [redacted-software-vendor]'s customer network. Accordingly, this company must resolve this issue and justify the trust of its customers.
[Victim] — 21 December 2021 09:47 — Message 14/24
Hi, I also got attacked with this software. I just use [redacted-software-vendor] point of sale to run my small bed and breakfast. I see there is previous chats here with people also using [redacted-software-vendor] software. How much will decryption be in my case? I am not the [redacted-software-vendor] company.
[Hive] — 21 December 2021 09:53 — Message 15/24
[redacted-software-vendor] is responsible for you at this time. You are advised to contact them for a speedy resolution of your problems.
[Victim] — 21 December 2021 09:53 — Message 16/24
I would also like to know if we can come to a compromise as we can't trade and we been hurt badly with [redacted-location] rules for lockdowns
[Victim] — 21 December 2021 10:24 — Message 17/24
Hi, can you please help
[Hive] — 21 December 2021 10:25 — Message 18/24
Please, introduce your company first
[Victim] — 21 December 2021 10:26 — Message 19/24
Morning, obviously you know our frustration when waking up this morning and to realize that we've been hacked... a second time in 2 years... you clearly do not do your research... you can check that we are a lodge/hotel in the rural parts of [redacted-location], which is a third world country (do you know where that is???)... please check your world map and our web address to confirm this. We also only use [redacted-software-vendor]'s "Reservation" and "Point of Sale" system like the other poor souls above. We are all trying to make a decent living after Covid struck, and we in the hospitality sector suffered the most without being able to trade fully for 12-18 months. So with hardly being able to pay our staff where do you think we will be able to get US Dollars to pay you? Our US exchange rate is currently [redacted-currency] to 1$. You should hack the [redacted-location] government because they will be the only ones who can afford to pay you in US$... So please be reasonable and hack the big guys in the future not us on the ground trying to make a living. [redacted] Thanks and awaiting your reply...
[Hive] — 21 December 2021 10:32 — Message 20/24
Obviously you don't know that our goal is not you, our goal is [redacted-software-vendor] which has the profits to cover all recovery costs. Once again, we want to hold [redacted-software-vendor] accountable in this panel to solve all your problems.
[Victim] — 21 December 2021 10:59 — Message 21/24
[redacted-software-vendor] sell software locally they don't make that kind of money as they once off sale only, I bought it 7 years ago and they they haven't charged a cent since
[Victim] — 21 December 2021 11:03 — Message 22/24
By doing this you are putting our families livelihoods at risk, if we had money we wouldn't be using a cheap point of sale
[Victim] — 3 January 2022 14:10 — Message 23/24
hi
[Hive] — 3 January 2022 19:38 — Message 24/24
Hi