lockbit3.0 Ransomware Negotiation — Oklahoma City University

[Chat started]

We got your note. Can we chat?

Are you kidding me?!?! That's a crazy amount of money. What is the 285GB of data? Can you send it to me so I can review?

we have the list and we are looking, we will have an answer soon.

We're referring to the data tree and screenshots you sent us. Please have some patience here. There are a lot of moving parts right now and we need time to review, assess and bring our board up to speed on these matters. Please do not post us anywhere. We have a meeting coming up and your questions will be addressed soon.

Progress is being made. This is not something we encounter everyday and are just making sure we are doing our due diligence. Please have patience. We likely wont be able to reach any agreements with you if you make a post about the attack.

Please show us the following files from the list you sent us

Budget$\2020.12.09 - Athletic Discount and Profitability Analysis by CFO Dave McConnell.pdf.....HResources\Faculty Sabbatical Tracking Sheet.xlsx.....HR-PayrollShare\Payroll Metrics_Planning 2021.xlsx.....Security\Supervisors\City Mutual Aid Agreement\OCU-OCPD Memo.pdf.....General Counsel\2019 Series Bonds\2021 S&P Ratings Call\S&P\Executive Committee Update 8-24-21.docx..... busoffice\Audit\2020-2021\000-FY2021 Audit Folder\Financial Stmts\OCU_21 FS_Final.pdf

Yes we have looked. We were skeptical at first but we now see that you have what you say you do. We want to meet to discuss, however, two of our senior members are on personal leaves of absence today. We will have our meeting Monday morning to catch them up and will contact you afterwards.

How are we suppose to get $1M? That isn't a fair amount here, it's not reasonable on our end. Our revenue doesn't reflect the amount of cash we have access to. Can you go to your boss and see if their is a discount?

We don't want this to take a long time. But we don't have that much money. We need a better price and then we can get this done.

We have been dealing with so much over here and are a little short-staffed right now. We went to the bank with your $1M demand and they pretty much laughed in our faces. They want us to come back on Monday with a lower number. We haven't offered anything because we truly don't know how much we can get in total. What is the biggest discount you can give us based on that and what we have said to you in the past? You seem to be in a rush here so let's please help each other.

By the end of the week is when you want payment?! Based on how this is going no payment will be made if you publish our data tomorrow. The board has decided, as a whole, that we won't be paying anything if our name ends up on your blog. We've been working with you this whole time to make some progress so let's please not start making threats. At the top of the chat, it says we still have 16 days left. Please work with us not against us here.

We're waiting to hear from the bank, we're hoping they will be able to help us out here. Please remain calm, we want this over with as much as you do. I'm not sure what they will think of all this. So please, do not publish anything, not even our name tomorrow or else my boss won't want to pay anything. We need to see what the bank says about a loan as we don't have anything close to your demand on hand. If it were up to me you'd already have your money, but there are other factors in play here. It's not just a one man operation, similar to yours. We will give you an update after we hear from the bank. We're hoping they will give us an answer Monday. I'm sorry but not all the decisions are up to me.

Hello, sorry for the delay. We got some responses and our meeting is happening tonight. We will be able to get you an decent offer tomorrow, so please keep an eye out for our response then.

We are here. We apologize for not giving you an update yesterday but we already short staffed and could not make to the chat. Please do not reveal anything related to the attack to the public. We're working and juggling a lot to get everyone to get on board with a payment here. It has been tough for us to scramble funds together, but at this moment we have $25k on hand that we can send your way. Unfortunately the bank never got back to us about a loan amount, so we're still waiting to see if they will give us any amount. They aren't too happy about sending money to hackers. Is this something you would make a profit from? How much does it cost you to hack a company?

$25K is what we have right now. We're just letting you know and trying to be transparent with you. Can you come down on your demand at all? This would help me convince some people to try and get more money. It would also show everyone that you're willing to work with us. We're not trying to upset you here, that's not our intention. Any post about us and we won't get approval to pay any amount so let's please work together.