// Ransomware Negotiation Transcript
lockbit3.0 Ransomware Negotiation — Myers Power Products
// Context
About This Negotiation
This transcript documents a lockbit3.0 ransomware negotiation with Myers Power Products. The negotiation consisted of 99 messages exchanged over 22 days, beginning on 2023-01-25.
The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Chat started]
I found your note on my machines what do I do now?
hi
do you need decrypt?
we have attacked your corporate network all your 4 TRUST domains
and also all your servers are encrypted inside ESXI
we also stole 250 GB of your data from all 4 of your networks, if our negotiations are unsuccessful, you will face high fines for GDRP
everything is encrypted inside the virtualization of your servers, too, in order to restore all servers, this can be done with our decryptor
How much is it going to cost us?
price for decrypt, delete your data on our servers,conducting an audit of your cybersecurity company and how we infiltrated you will cost = 4 500 000 USD in BTC
are you interested in the list of files that we stole from you?
I am interested. Can you provide the list of files taken?
10 min
[REDACTED URL]
listing here
I downloaded the list. If I give you a few file names can you provide those files to show you still have them?
yes give me name files
Can you provide "cable specifications sheets-ctsp-sm8.pdf" and "tbs-sysmap 8 12 2010.pdf"?
yes
wait
File: [Cable Specification Sheets - CTSP-SM8.pdf]
File: [TBS-Sysmap 8 12 2010.pdf]
The second file just sends me to another lockbit page and doesn't load anything?
now I'm moving through the file sharing service
[REDACTED URL]
Can i give you files to prove you can decrypt them?
Yes. You can make a test decryption by uploading the file to our portal.
I am notifying you that in a month your decryptor will be deleted forever automatically. and you won't be able to restore your systems.
ok sorry had issues grabbing file. I am testing the decryption link on the chat.
ok
you can take any small file from your PC and do the test yourself
so that you do not delay the negotiations and there is no action from you, then within 48 hours we will publish your company on our leaks website
I have the file and testing today. I did find something odd though and wanted to get confirmation from you.
We found another note on one of our servers claiming to be lockbit2 and has a completely different link. Do I have to go to that link to?
we have encrypted you with several types of our software
lockbit 2.0 (red), lockbit black, lockbit esxi version
Is the same decryptor used or will we get multiple decryptors?
get your own decriptors for each version, they are convenient for us and you will not have any problems
you can test from the version you found to make a test
Ok, i grabbed a file that is too big anyways I need to grab a smaller file. I will grab a file from the lockbit 2.0 one.
yes good
any updates?
I got the file and testing decryption soon.
I received a message the file cannot be decrypted?
send me the file here
File: [insink.txt.lockbit]
File: [insink.txt]
test is working! when will you make the payment?
any updates?
$4.5 million is a lot of money.
the price is from your income of your all companies! you're not a small company
why are you delaying the negotiations? are you waiting for publicity about your companies? or until the time of the decrypt runs out and he retires?
We are not delaying. I am willing to negotiate the price but $4.5 million is too much.
I am waiting for a serious offer from you closer to our price (I am ready to discuss a discount)
What discount are you will to give?
30%
payment for 72 hours discount will be valid
will you have enough time?
have you discussed our offer with the boss?
any updates?
your time is running out soon (discount), as well as you will lose the chance to return everything and get big fines for GTRD
Sorry was trying to access the page and it wouldn't load. So i tried the other links and it gave me a blank chat.
I sent everything across, my boss needs more time he had to get a board meeting together. Even with the discount $3mil is a lot of money we can't get that together quickly
you can write to any chat to us
How much time do you need?
Ok, I didn't know that. Thanks.
We have the board meeting tomorrow afternoon. Could you give us another 48 hours. I would have a better understanding of the amount we can have together.
yes, we are making concessions to you on time!
Thank you! I will keep you updated.
we wait you
how did the board of directors' negotiations go? the time you asked for will soon be over
We are still here. The board is behind us it is more about collection of funds.
how much time do you need?
I am not sure. Just a slow process. Our insurance only covered so much. We have to make up the difference. I will get a better time frame for you. Trying to figure it out ourselves
will we be able to fix the amount in bitcoins with you now? due to the high volatility of cryptocurrencies, it is better to fix immediately (for 48 hours)
Sorry, I don't understand
you will transfer the amount in bitcoins, the amount equivalent to the one we agreed with you, the price of cryptocurrencies often changes and we need to fix the amount that you have to transfer to us
138.5 BTC you need a transaction to us WALLETS
do we fix this amount for 48 hours?
I understand. So instead of usd comparison we would do 138.5 btc. We are working to get that amount of cash to purchase the btc. insurance only covered a small percentage so we have to come up with the rest.
hurry up, we made concessions to you and gave you a discount from our first price
do you have time in our time (48 hours)?
you here?
I am still hear just trying to work on getting it together. It's a lot of money to pull together and it is taking time.
how much time do you need? we will issue a post about you in the near future! don't try to leave for the weekend!
didn't leave its not easy to get 3 mil when insurance doesn't help. We are working on the loans but it will be at least Monday.
ok we wait you
any updates?
what news do you have?
ok, since you don't tell us anything, it was decided to create a blog with your companies in our blog in 3-4 hours. we will publish documents and correspondence with you (with a payment timer)
File: [lyonhealy.com-full-listing.rar]
I'm sorry I messed up the chat, it's not for you!
we have issued a block, with a timer and proof that we were in your network! 48 hours to get in touch
[REDACTED URL]
the private link is valid for 48 hours, then you will be in our blog, will we delay the payment?
why are you here?
will you be silent as well? are we publishing all your data?
we will also publish this correspondence with you
attached our chat! it will be at the expiration of the timer!
// Analysis
Analyst Observations
- LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.
- → LockBit 3.0 threat actor profile — TTPs, ransom demands, and active campaigns.