// Ransomware Negotiation Transcript

lockbit3.0 Ransomware Negotiation — Águas do Porto

3Messages
1 dayDuration
UnknownInitial Demand
UnknownOutcome
// Context

About This Negotiation

This transcript documents a lockbit3.0 ransomware negotiation with Águas do Porto. The negotiation consisted of 3 messages exchanged over 1 day, beginning on 2023-01-30.

The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Águas do Porto] — 30.01.2023 08:29:27 UTC — Message 1/3
[Chat started]
[lockbit3.0] — 30.01.2023 08:44:43 UTC — Message 2/3
Hi do you need decrypt?
[lockbit3.0] — 30.01.2023 08:46:54 UTC — Message 3/3
we also stole 200 GB of files from you if you do not want to cooperate with us, we will publish your data on our leak site. your company will face high penalties for GDRP
// Analysis

Analyst Observations

  • This was a brief exchange — either the victim responded quickly or disengaged early.
  • LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.
  • LockBit 3.0 threat actor profile — TTPs, ransom demands, and active campaigns.

Facing a Ransomware Demand?

Whether you choose to negotiate or refuse — having specialists in the room changes the outcome.

Contact Us Now Our Negotiations Service →