// Context
About This Negotiation
This transcript documents a Mallox ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 29 messages exchanged over Unknown.
The initial ransom demand was $20,000. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — [29/05/2023 05:26] — Message 1/29
[REDACTED URL]
[Mallox] — [29/05/2023 05:26] — Message 2/29
Sent the file
[Victim] — [29/05/2023 05:36] — Message 3/29
The customer's backup was not encrypted, the customer had the backup, and only lost a day's worth of data
[Mallox] — [29/05/2023 05:48] — Message 4/29
All customers say so
[Victim] — [29/05/2023 06:45] — Message 5/29
Send the test file first
[Mallox] — [29/05/2023 06:57] — Message 6/29
The technician is not online, please wait patiently
[Victim] — [29/05/2023 15:06] — Message 7/29
Still no test files?
[Mallox] — [29/05/2023 15:10] — Message 8/29
Be patient, the admin should be right back
[Mallox] — [29/05/2023 16:02] — Message 9/29
Sent the file
[Victim] — [29/05/2023 23:06] — Message 10/29
This price is too expensive, give a discount, I will confirm tomorrow whether the customer has a backup
[Mallox] — [30/05/2023 04:27] — Message 11/29
Discount 16%. Discount expiration date: 2023-06-05
[Victim] — [30/05/2023 06:00] — Message 12/29
10000USDOK?
[Mallox] — [30/05/2023 06:00] — Message 13/29
no
[Mallox] — [30/05/2023 07:15] — Message 14/29
20000 USD could be accepted
[Victim] — [30/05/2023 08:39] — Message 15/29
This price is too expensive, and some customers have already returned to it
[Mallox] — [30/05/2023 09:08] — Message 16/29
You should be trying to get your clients instead of asking me
[Victim] — [30/05/2023 11:08] — Message 17/29
I understand, but the customer thinks the price is too expensive, and others ask you, 10,000USD I will get the customer
[Mallox] — [30/05/2023 11:09] — Message 18/29
$25000 or give up
[Victim] — [30/05/2023 19:14] — Message 19/29
15000USD OK?
[Mallox] — [31/05/2023 10:11] — Message 20/29
no
[Mallox] — [31/05/2023 10:24] — Message 21/29
I can offer 25000 USD and it's best price which you can get for decryption of all your servers
[Victim] — [01/06/2023 05:37] — Message 22/29
The customer budget is out, 10000usd ok? If OK, arrange to pay tomorrow
[Mallox] — [01/06/2023 05:45] — Message 23/29
this is not interesting for us. It was said before - 25000 USD
[Victim] — [01/06/2023 06:06] — Message 24/29
I've
heard from customers that other middlemen have already received a
discount of about $10000 and I need the lowest discount to get
customers.
[Victim] — [01/06/2023 06:28] — Message 25/29
Please give us the lowest price, after all, we have also settled more than $100,000 order with you.
[Victim] — [01/06/2023 07:59] — Message 26/29
Is the 20000USD mentioned earlier okay?
[Mallox] — [01/06/2023 08:05] — Message 27/29
this is last price, no lower
[Victim] — [01/06/2023 09:07] — Message 28/29
What is the final price? 20000USD?
[Mallox] — [01/06/2023 09:09] — Message 29/29
20000 USD