lockbit3.0 Ransomware Negotiation — Redacted Organisation

hello sir, can you help me what you need to decrypt my files?

[redacted].pdf.usKv553SJ this is a sample file

could you please how much it will cost to recover my files because we need to know the costs involved.

sir this amount is very high to be paid. We would like to work with you because it will take much time to recover our infrastructure. So some questions from our side \n1. Can you please provide a generous discount so it\'s easier for us to consider your solution?\n2. How fast the recovery process will take if we work with you ?

Thank you for the file.\nIt\'s been a very hard year for our company, also as you know we are in Greece and since 2010 it\'s been very tough times for businesses. And the end of the year is always very hard financially with cashflows.\n\nThat\'s why i am asking for your understanding in price, so I can make an easier decision for my manager to decide.\nPlease if you can convince your own management to consider a generous discount it will help us in our decision with positive result. \nFrom our side we want our files faster and without loses than the options we have now. \nIt seems that you can provide this service from the proof you sent.\nIt would be nice if we can find an agreement on a price we can pay so we can pay you.\nRight now the amount you said is far beyond our real financial capability so we cannot consider this an option.

First of all thank you for your understanding and the discount you provided. \nI appreciate your help on this. \nBut still we are very far away from what we can really pay. \nStill the amount you mentioned after the discount is very hard to find in cash.\nWe need to take some serious IT decisions tomorrow as most consultants advised us to format and start from latest offline files which will take several days.\nSo please if you can give us a more grounded financial proposal do so since the purpose here is to see if we can use your services.

Please don\'t misunderstand the interest to find a way to pay you with insult. This was not my point. I respect you are talking with us right now and understanding our side. I just want to make it work for our company based on our limitations in cashflow in the end of the year. I know that you don\'t care about us. You attacked us after all. I understand that it\'s just business for you. Some pay, some don\'t. We want us to both benefit from this incident. We gain knowledge and you gain money. But we wanted to get an amount that we can be able to pay you realistically. We are not here to play either. Unfortunately if your purpose is to raise the price there is no point of discussing any more. Even if we find the correct amount we can pay, we will need at least 7 working days to pay you. Regulations are hard with this kind of transactions.

Is there a way to recover 2-3 computers with 15k and get a partial service from your side? So we can see the quality of your service that is valid and then during next year purchase some more bundle of computers? I am just exploring options here to help our operations based on our cashflows.

Hello sir, could you please accept the price of 30000$ before the end of the year so we can catch up with the processes to pay you in full for the full service you provide? It will take a lot of effort for us to return to normality so we can see this as a successful penetration test from your team and justify the expenses we need to pay to your work. Mention we need some days to manage to pay this huge amount of money so we need your understanding on this.

Please stay with me on this. Even if we find a way to work together, the amount is too big to find it these days. Last two years it\'s been very hard for us and it\'s the end of the year. We are trying to find whatever resources are available in cash and let you know. In the following two days we will have a better picture on our financials. We need at least 6-7 days to find 30k, we will need more to get more money to you. There is very limited cashflow in the end of the year which makes things very hard. Let me see what we can do and get back to you. I will try my best, because we want this to finish soon. There is big spending in the end of the year and limited cash receivable. Need more time to see what we can do for you.

hello sir, can you please let us know how we can do the payment?

We managed to gather this amount you requested. It\'s been very hard. \n\nPlease let us know if you accept the following.\nWhen we pay 50.000$ USD to this wallet [redacted] you will keep your promise to:\n1. Give us a tool to decrypt all our files in ESXi and all computers affected and we will decrypt today\n2. Provide technical support from your side in case something doesn\'t work\n3. Promise you will never attack us in the future\n4. Help us understand how we can prevent such incidents again in the future and explain how you managed to get in our infrastructure along with technical details.\n\nWhen we have your replies and confirmation for the above we proceed in the payment.

if we pay in the next hour when we will get decryptor?

shall we sent 10$ just you to confirm and then send the rest 49990 ?

[REDACTED URL] can you confirm you received this ?

bitcoin seller sais you got the money. Please confirm\n[REDACTED URL]

ok

this is not decryptor

What about esxi ?

ok give me 5 minutes

the VMDK files cannot be decrypter with the .exe decryptor. could you please send decryptor for VMDK in ESxi based on the txt file i sent you 15 minutes ago ?

is there a way to decrypt VMDK files on windows? i have a copy of them and the windows decryptor doesn\'t work with them

please provide command line instructions to run linux

1. Could you please tell me which commands to run on ESXi step by step in order to decrypt all files?\n2. Is there a chance that something goes wrong when i execute this decrypt_ESXI_X64 command on ESXi? Do i lose all the VMDK files in the server?