// Ransomware Negotiation Transcript
lockbit3.0 Ransomware Negotiation — Porcelanosa USA
// Context
About This Negotiation
This transcript documents a lockbit3.0 ransomware negotiation with Porcelanosa USA. The negotiation consisted of 8 messages exchanged over 3 days, beginning on 2022-08-12.
The initial ransom demand was $1.5M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Chat started]
what do you want?
Hi
The price of the decryptor and deletion of your data is $1,500,000 in bitcoins. 275gb of data was stolen. At the moment we haven't published your name to the blog to keep the attack secret, but if you don't pay we will fix it! We know who you are and how much you earn.
i dony have access to such amout of cash sir
It doesn't concern us. Solve the problem within the company! Call the main office in Spain. Soon we will send you a tree of stolen data
[REDACTED URL]
Have you looked at the data tree? When will you pay?
// Analysis
Analyst Observations
- This was a brief exchange — either the victim responded quickly or disengaged early.
- LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.
- → LockBit 3.0 threat actor profile — TTPs, ransom demands, and active campaigns.