// Ransomware Negotiation Transcript
Mallox Ransomware Negotiation — Redacted Organisation
// Context
About This Negotiation
This transcript documents a Mallox ransomware negotiation with a redacted victim organisation. The negotiation consisted of 62 messages exchanged.
The initial ransom demand was $20,000. The negotiation resulted in a confirmed payment.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
hello?
Sent the file
Brother, please give me a discount
To send funds, use the BTC address specified below: [redacted]. Do not send more than 1 payment to this BTC address
Discount 20%. Discount expiration date: 2023-05-03
We are a small enterprise and we cannot afford to spend so much money. Is 5000 USD okay
To recover your files you need a decryption tool. We are ready to sell it to you at the price indicated on this page
If I were to make money now, how long would I be able to give me the tools
Then we will complete the deal today.
Can you decrypt the test file so that we can take a look?
We can make test decrypt for free for not valuable files (xls, doc, bat, txt, jpeg, png, pdf, exe or etc). If you need a test then upload your file on any file host and send me download link. File hosts: sendspace.com / dropmefiles.com / google.com/drive / file.io / wetransfer.com
[REDACTED URL]
this link
wait
Okay, please hurry up
We plan to make payment after seeing the decrypted test files. Could you please hurry up? Thank you
wait
Could you please hurry up
The technician went out, wait
Can we complete the transaction tonight? We have been waiting on our end, please make sure to complete the transaction tonight
yes
Hello, has the technology returned? We have been waiting
Wait patiently, don't worry, I will tell you after the production is completed
How long will it take
We've been waiting all night tonight, please feel free to contact me anytime
I know
Sent the file
which amount you are going to pay?
Didn't you say 20000U?
current price for decryption tool after discount is 20000 USD
that's right
just to figure out
We are confirming the correctness of the document and will make payment immediately after confirmation. Please stay online and wait for me
ok
The customer cannot confirm that it is their own file. Can we decrypt a test file again?
[REDACTED URL]
Sent the file
wait a moment
Confirm the transfer address, BTC quantity, and we are ready to make payment
$20000 / 0.6874617 btc
btc address [quotes BOT]
Is this address? [quotes BOT]
Ok
wait
Enclosed please find!
yes
Payment has been made. Please check the records on your end. Thank you
How long can I receive the decryption tool
in 30 minutes after payment
we are waiting bitcoin network confirmations
when payment will be credited to the account decryptor will be sent
Okay, I've been waiting
Received $19987
hi
Sent the decryptor. To unpack use the password: 123
Hello, there are two file decryptors that cannot recognize it. Can you help restore it?
These two files are very important to me
[REDACTED URL]
Yes, wait a little
Are you there?
yes
Hello
I'm sorry, unfortunately these two files were not fully encrypted. They are missing critical recovery information, so I can't decrypt them.
// Analysis
Analyst Observations
- The final settlement represented a 0% reduction from the initial demand of $20,000.