// Ransomware Negotiation Transcript
lockbit3.0 Ransomware Negotiation — HGC Global Communications
// Context
About This Negotiation
This transcript documents a lockbit3.0 ransomware negotiation with HGC Global Communications. The negotiation consisted of 8 messages exchanged over 1 days, beginning on 2023-07-11.
The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Chat started]
May I know how much are you charging for the decryptor?
hello
Price per decrypt 19 000 000 usd in btc
In addition to the attack on your network, several hundred GB of your data were stolen.
This price includes our software and data deletion so that we do not publish them anywhere.
Frankly, the company being attacked is an insolvent company which has been in liquidation administration for a few years already. The company basically has no valuable asset and it can only afford USD5,000 for the decryptor. I would be grateful if you could accept the offer of USD5,000 in BTC for the decryptor.
it's funny, why would they pay anything at all? you have 48 hours to start adequate negotiations, then I publish a blog and attach this correspondence to the blog with your files
// Analysis
Analyst Observations
- This was a brief exchange — either the victim responded quickly or disengaged early.
- LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.
- → LockBit 3.0 threat actor profile — TTPs, ransom demands, and active campaigns.