// Ransomware Negotiation Transcript
LockBit 3.0 Ransomware Negotiation — Wabtec Corporation
// Context
About This Negotiation
This transcript documents a LockBit 3.0 ransomware negotiation with Wabtec Corporation. The negotiation consisted of 39 messages exchanged over 29 days, beginning on 2022-06-29.
The initial ransom demand was $25.0M. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Chat started]
Hello we are writing you as you ask in your note. How do we get our files back?
Hello. Please tell us your company name and confirm you are an official representative of the company.
We are Wabtech, I am IT mgr with firm. Thank you.
You must pay us to get your files back.
How much are you asking for?
$25 million for universal decryptor and destruction of stolen files.
Hello, we moved to here as you asked.
You mentioned you took out data, we need to understand that better. Please show us what you have taken so I can take this to the bosses. Thank you.
[REDACTED URL]
password = 5446731864718376751313472162
Thank you for this. I will send this to our bosses for review.
Our team and bosses are reviewing your large list. How much data is that? Also, would you kindly let us pick some files out of your list to ask for so we know you do indeed have our data? Thank you.
About 2 TB. Yes.
Hello, can we please receive these files back from you?
- F:\wabtec\files\WCSSRV0453_Commercial_Functions\Commercial Functions\Marketing\Marketing Effectiveness\Training Conferences\What a Declining Business Media Means to CEOs.pdf
- F:\wabtec\files\CommercialKnowledgePortal\Commercial Knowledge Portal\Competitor Intelligence\CI at Tradeshows\2010 InnoTrans\InnoTrans 2010 Photos\Voith\Gravita Switcher\DSC01672.jpg
- F:\wabtec\files\CRDSRV0008_Documentation_and_Manuals\Documentation and Manuals\Vishay Strain Gauge Manuals\Vishay Micro Measurements\Vishay M-Line Accessories.pdf
- F:\wabtec\files\wcssrv036_RCV_Public_Drive\RCV_Public_Drive\SAFETY\Carson\Incident -Injury Forms\WGS SAFETY ALERT NOTICE TEMPLATE.docx
- F:\wabtec\files\LPZSRV0014_Technologie\Technologie\ToPs_Daten\Dokumente\LASER\DATEN\5185766_1.pdf
- F:\wabtec\files\VCISRV0028_Project_Engineering\Project Engineering\Engineering Administration\Policies, Procedures and Guidelines\Travel Policy\Wabtec Travel and Entertainment Policy - Final_2019-11-01.pdf
- F:\wabtec\files\WCTSRV0018\g\PLM\WTDSRV0014\projects\DenverP3_CP\1-56468_SLDPRT\D\whereused.pdmw
- F:\wabtec\files\WCMSRV0006_Pre-stagedData\Pre-stagedData\Completed Projects\QJHO01001-JohnHolland-Certification of Points\E - Engineering\E2 - Deliverables\CMC - Turnout Certification\Checksheets\03.05.2018
- F:\wabtec\files\Departments_hr\HR\BENEFITS\WELLNESS 2016\Wabtec Online Store Flyer.docx
- F:\wabtec\Manufacturing\CAR projects\Wabtec QIP Assessment Info Request.xlsx
- F:\wabtec\files\WTDSRV0030_Materials\Materials\Packing Slips OSWH\2022\May 2022\5-23-22.pdf
- F:\wabtec\files\Finance1\turbo_LP\fixed assets\TNX\Tooling\50311 Balancing tool.pdf
- F:\wabtec\files\BSLSRV0001_Customer_Files\Customer Files\1. Customer Information\Siemens Mobility\2021\Purchase Orders\PO 4509763478, SO-0014037, 49364-14, 2021-12-14\Buy America Certificate_Rev.1 (PO 4509763478) - Signed Dec. 22, 2021.pdf
- F:\wabtec\files\WBJSRV0002_Accounting\Accounting\ABNER\ateixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH5IQIL6\597D3FCACB12FBFAC9CEBBAFF93D[1].jpg
14 total please.
[REDACTED URL]
password = 5446731864718376751313472162
Thank you for this. Sending to the bosses for review, be back in touch.
Hello, can you please decrypt these files so we know your key works per your message on this site?
File: [registry.xml.lockbit]
File: [registry.7z]
Thank you. So if we were considering payment, would we get 1. Working decryptor tool 2. Our data back or deleted 3. Guarantee to not publish it or leak it on dark web 4. Tell us how you got into our network? Please let us know.
1 yes 2 yes 3 yes 4 no
Ok, letting bosses know the above. We are still reviewing the data dump due to size, and will be talking to the bank to see how much funds we would be able to come up with. Be back in touch.
Hello, is this all of the data you have taken from us, in your file listing? Can you please let us know. Thank you.
Yes
Ok, that is good for us to know. We will be trying to come up with as many funds as we can and are circling up with the bank when they open after the weekend. How do we get BTC? Thanks.
You can use crypto exchanges to get btc.
So? Weekend ended long time ago. Are you ready to pay?
Hello we are engaged with the bank, the logistics are going to take a little bit of time. This is not something we are used to deal with. We need some more time please.
You must hurry up. We're not going to wait you forever. We'll have to raise the price by friday if we won't receive full payment by tomorrow evening.
Hello our bosses and executive team are in contact with the bank about logistics and how much we can get, this is not something they normally do so the logistics are hard and take some time. We cannot make this happen by Friday, we are asking for more time, next week please. We are talking to you in good faith and thank you for your help so far.
You already have spent 3 weeks. It's more than enough to check your balance and obtain cryptocurrency. The price will be raised to 30M from tomorrow.
Hello. Another week passed. Should we wait for payment or we may proceed to the publication of your files?
Are you there?
???
wtf?
// Analysis
Analyst Observations
- The initial demand of $25.0M places this in the upper tier of ransomware demands, typically reserved for large enterprises.
- LockBit 3.0 was the most prolific ransomware group of 2022-2023, responsible for more attacks than any other group. Their infrastructure was taken down by Operation Cronos in February 2024.