// Ransomware Negotiation Transcript
lockbit3.0 Ransomware Negotiation — Entrust
// Context
About This Negotiation
This transcript documents a lockbit3.0 ransomware negotiation with Entrust. The negotiation consisted of 29 messages exchanged over 26 days, beginning on 2022-06-29.
The initial ransom demand was $8.0M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Chat started]
Greetings, I recieved a note and need to know next steps. How can you help me?
hello! pay for key! after payment you will be able to restore your operations.
Greetings, Thank you for your response. We have not done this before and need help. What is the process?
You pay the amount we ask to our cryptowallet. We give you the tool and data listing of stolen files and confirmation that we deleted files.
What is the price for the decryption key? How can we be sure this will all work?
$8,000,000 is the price. Do google "lockbit" to ensure.
This is a very high amount that we can not afford. What can you do to bring the price down?
You can afford. The amount is fair for your company.
As a company who offers "high-assurance digital security solutions" the only thing you can not afford is such intrusion.
My boss would like to know why the stolen data is so valuable. What details can you provide on the data taken from our network?
We can provide listing of 10% of files we took from you.
Ok, thanks. Please send us that file listing. Would you also provide a sample of files for us to review?
password 8978724368901249897827902878412
[REDACTED URL]
Our management wants to bring this matter to a close, we are ready to pay $1 million if we can agree to close this matter.
$1 million is not acceptable.
Please understand that we want to work with you but we are not able to pay the full price. What discount can you offer?
We can offer 15% off. The price is $US 6 800 000.
Thank you for your help. We are still evaluating the file names you provided.
Hi,The price is still too high for us to get authorized. Our team needs additional information to verify the data. Will you please provide another sample of files for us to review?
You have to find a solution. Rest of data after payment.
Are you going to pay? We've been waiting.
Time is running out. We are going to start posting your files.
Hi, we discussed this with our management. They will authorize a new offer if we can get another data sample to review. Please help us and we will try to get this resolved soon.
You must pay before we give you anything. In the worst case you as well other people will be able to review the files for free on our DLC.
Are you going to pay?
We haven't received reply from you for a long time. We are preparing blog post.
We have prepared the blog post. We'll give you last chance and wait a bit more for your reply.
// Analysis
Analyst Observations
- The initial demand of $8.0M places this in the upper tier of ransomware demands, typically reserved for large enterprises.
- LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.
- → LockBit 3.0 threat actor profile — TTPs, ransom demands, and active campaigns.