// Ransomware Negotiation Transcript

lockbit3.0 Ransomware Negotiation — Software Line

30Messages
4 daysDuration
$100.00Initial Demand
UnknownOutcome
// Context

About This Negotiation

This transcript documents a lockbit3.0 ransomware negotiation with Software Line. The negotiation consisted of 30 messages exchanged over 4 days, beginning on 2022-09-08.

The initial ransom demand was $100.00. The final outcome is not confirmed in the transcript.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Software Line] — 08.09.2022 17:16:54 UTC — Message 1/30
[Chat started]
[Software Line] — 08.09.2022 17:18:32 UTC — Message 2/30
hi
[Software Line] — 08.09.2022 17:22:07 UTC — Message 3/30
there are someone
[Software Line] — 08.09.2022 17:32:48 UTC — Message 4/30
please
[Software Line] — 08.09.2022 17:44:34 UTC — Message 5/30
how can i decrypt my file?
[Software Line] — 08.09.2022 17:44:49 UTC — Message 6/30
how i can pay?where?
[lockbit3.0] — 08.09.2022 23:40:54 UTC — Message 7/30
hi
[lockbit3.0] — 08.09.2022 23:41:10 UTC — Message 8/30
to decrypt the data and avoid publication you need to pay us. we haven't published your name on our blog yet
[Software Line] — 09.09.2022 03:35:37 UTC — Message 9/30
how much pay?
[lockbit3.0] — 09.09.2022 03:38:11 UTC — Message 10/30
$100k
[Software Line] — 09.09.2022 03:38:41 UTC — Message 11/30
too much
[Software Line] — 09.09.2022 03:39:06 UTC — Message 12/30
and i m not sure that you decrypt my file
[lockbit3.0] — 09.09.2022 03:40:33 UTC — Message 13/30
we have a test decryptor, you can try. just use it correctly
[Software Line] — 09.09.2022 03:41:05 UTC — Message 14/30
max 50kb my file are more big
[lockbit3.0] — 09.09.2022 03:42:50 UTC — Message 15/30
then use another file
[Software Line] — 09.09.2022 03:43:08 UTC — Message 16/30
100k$is too much my company is small
[lockbit3.0] — 09.09.2022 03:45:22 UTC — Message 17/30
you'll have to look for money. not that small a company. we know who you are
[lockbit3.0] — 09.09.2022 03:47:11 UTC — Message 18/30
I'll give you advice right away. we don't like whiners and negotiators. we are serious people and we have a reputation and we came here not to play and not to joke. so pay and be free
[Software Line] — 09.09.2022 03:55:11 UTC — Message 19/30
for us is too much if i pay 100k if i pay i can close my company, i know you are serious
[Software Line] — 09.09.2022 03:55:38 UTC — Message 20/30
i can pay max 10000$
[Software Line] — 09.09.2022 04:11:20 UTC — Message 21/30
how i can pay?
[Software Line] — 09.09.2022 04:15:51 UTC — Message 22/30
ok! i speak with ceo and we pay 100K but how pay?thanks
[lockbit3.0] — 09.09.2022 09:11:57 UTC — Message 23/30
we accept payment only in BTC
[Software Line] — 09.09.2022 09:19:18 UTC — Message 24/30
wich address?
[lockbit3.0] — 09.09.2022 09:52:35 UTC — Message 25/30
bc1qpgggs7j546rfavshtckq4v8x4fh87zztaqw5zz
[Software Line] — 09.09.2022 14:10:15 UTC — Message 26/30
sorry i open account on exchange but i can't buy 100k in btc, i can only send you 10k in btc otherwise financial company control me and block my company
[Software Line] — 09.09.2022 14:11:06 UTC — Message 27/30
if you want i send you 10k in btc otherwhise i prefer lost and close my company
[lockbit3.0] — 09.09.2022 14:14:25 UTC — Message 28/30
use brokers. we will not accept 10k
[lockbit3.0] — 09.09.2022 14:14:54 UTC — Message 29/30
you're funny
[lockbit3.0] — 12.09.2022 14:45:32 UTC — Message 30/30
will you pay? or should I publish a post about you?
// Analysis

Analyst Observations

  • LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.
  • LockBit 3.0 threat actor profile — TTPs, ransom demands, and active campaigns.

Facing a Ransomware Demand?

Whether you choose to negotiate or refuse — having specialists in the room changes the outcome.

Contact Us Now Our Negotiations Service →