// Context
About This Negotiation
This transcript documents a lockbit3.0 ransomware negotiation with WCI.
The negotiation consisted of 34 messages exchanged over 19 days, beginning on 2023-02-17.
The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[WCI] — 17.02.2023 14:22:37 UTC — Message 1/34
[Chat started]
[lockbit3.0] — 17.02.2023 14:25:39 UTC — Message 2/34
hi. to decrypt the data and avoid publication you need to pay us.
[WCI] — 17.02.2023 14:25:46 UTC — Message 3/34
We got notice that our name and screenshots of some of our data were posted to your TOR darknet site. We are interested in learning more about this situation. Have you sold the data?
[lockbit3.0] — 17.02.2023 14:25:56 UTC — Message 4/34
soon we will send you a tree of stolen data
[lockbit3.0] — 17.02.2023 14:26:32 UTC — Message 5/34
we did not sell your data. we will publish it for free
[WCI] — 17.02.2023 14:26:44 UTC — Message 6/34
ok, has the data been sold yet? How much data do you have?
[lockbit3.0] — 17.02.2023 14:27:16 UTC — Message 7/34
We'll send you the tree now, wait for it.
[WCI] — 17.02.2023 14:27:24 UTC — Message 8/34
ok
[lockbit3.0] — 17.02.2023 14:27:53 UTC — Message 9/34
124gb - confidential files, financial reports, hr, passports
[lockbit3.0] — 17.02.2023 14:41:17 UTC — Message 10/34
Download link: [REDACTED URL]
[lockbit3.0] — 17.02.2023 14:41:31 UTC — Message 11/34
Password: B@N$m@piDSvsErZQc(XEEuy6c
[WCI] — 17.02.2023 18:05:46 UTC — Message 12/34
Thank you. We will take a look. I'm having a hard time getting into you Tor chat. It keeps timing out.
[lockbit3.0] — 17.02.2023 18:51:50 UTC — Message 13/34
I and other companies have no complaints. try restarting TOR or using other links from the note
[lockbit3.0] — 20.02.2023 13:28:55 UTC — Message 14/34
Hi, what's the news?
[WCI] — 21.02.2023 13:10:00 UTC — Message 15/34
My leadership assessing the value of the data. How much to keep it from being published?
[lockbit3.0] — 21.02.2023 13:18:52 UTC — Message 16/34
1,500,000$ USD
[WCI] — 21.02.2023 13:21:13 UTC — Message 17/34
That seems a little excessive to me, but I'll pass it on to my leadership.
[lockbit3.0] — 21.02.2023 13:22:47 UTC — Message 18/34
If you pay quickly, we'll give you a discount.
[lockbit3.0] — 21.02.2023 13:24:02 UTC — Message 19/34
While we're negotiating we've paused the timer and hidden you from the blog
[WCI] — 21.02.2023 13:25:04 UTC — Message 20/34
What kind of discount?
[lockbit3.0] — 21.02.2023 13:26:06 UTC — Message 21/34
If you pay within 48 hours, we will give you a 30% discount
[WCI] — 21.02.2023 13:27:35 UTC — Message 22/34
I'll pass that along to leadership.
[lockbit3.0] — 21.02.2023 13:27:52 UTC — Message 23/34
Ok
[lockbit3.0] — 22.02.2023 19:43:32 UTC — Message 24/34
what news?
[WCI] — 22.02.2023 21:29:42 UTC — Message 25/34
Leadership is still evaluating the data and deciding on if it's important enough to pay you. How would we know for sure if you deleted all our data? Or not sold it?
[lockbit3.0] — 22.02.2023 21:34:21 UTC — Message 26/34
We do not sell data, without publication. And most importantly - our reputation.
[lockbit3.0] — 27.02.2023 20:39:44 UTC — Message 27/34
it's time to pay
[WCI] — 01.03.2023 12:41:58 UTC — Message 28/34
Considering the data you took it is not worth $1.5M to us, nor will you be able to sell the data for even a fraction of that amount on the dark web, what is the least amount you will consider for payment?
[lockbit3.0] — 01.03.2023 12:49:16 UTC — Message 29/34
We are not talking about selling your data. we will put it on our blog for free for everyone if you do not pay. you are negotiating for a very long time, and this will not play into your hands. we know that you are specifically delaying negotiations so that we agree to a lower amount. on the contrary, if you pay quickly we can give you a discount for speed.
[WCI] — 02.03.2023 15:18:22 UTC — Message 30/34
What is the discount?
[lockbit3.0] — 02.03.2023 17:42:59 UTC — Message 31/34
we are ready to give you a 30% discount on a quickly payment
[WCI] — 03.03.2023 21:44:28 UTC — Message 32/34
Our data is not worth $1M to you or us, but I'll take it to leadship because I'm just the messenger. It will be Monday before I will be able to get back to you. The leadership team will not be around this weekend.
[lockbit3.0] — 03.03.2023 21:55:47 UTC — Message 33/34
I think you'll understand how much your data is worth after it's published. When you incur reputational losses, fines from the state, courts and others. You will lose even more money than we are asking for. For your company, with multimillion-dollar revenues, paying that amount and forgetting about it won't be a big deal. I'm sure your boss has much more money in his personal cryptocurrency account
[lockbit3.0] — 08.03.2023 22:34:38 UTC — Message 34/34
when wiil you pay?