// Context
About This Negotiation
This transcript documents a Qilin ransomware negotiation with 20250203 From @Rakeshkrish12.
The negotiation consisted of 36 messages exchanged over 23 days, beginning on 2025-02-03.
The initial ransom demand was $63,000. The negotiation resulted in a confirmed payment.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Qilin] — — Message 1/36
Hello. I'm here. How can I assist you?
[20250203 From @Rakeshkrish12] — 3.02.2025 22:39:55 — Message 2/36
Hello?
[Qilin] — 3.02.2025 22:56:43 — Message 3/36
Your company's network is attacked and the entire system is encrypted. We have downloaded all the company's confidential data. After payment you will receive.
1. Decryption tool for all devices
2. Complete list of files taken from the network.
3. Proof that all your data has been deleted.
4. Information about how we got into the network.
5. Security recommendations to stop future attacks.
6. Promise that we will not attack you again in the future.
7. Guarantee that we will forget about this incident.
[20250203 From @Rakeshkrish12] — 4.02.2025 14:38:51 — Message 4/36
ok, what do we need to do?
[Qilin] — 4.02.2025 15:22:44 — Message 5/36
We will provide the list of files what we took from you as soon as possible and you can offer 3 names of files from it and we will provide them as a proof of availability. Also you can send 3 encrypted files and we will decrypt them as a proof that our decryption tool really works. But these files must not contain a valuable information.
[Qilin] — 4.02.2025 21:1:24 — Message 6/36
file tree.txt (0.232 MB)
[20250203 From @Rakeshkrish12] — 5.02.2025 13:33:45 — Message 7/36
Thank you, I'll review and pick out some files
[20250203 From @Rakeshkrish12] — 6.02.2025 21:47:33 — Message 8/36
Please provide us with copies of the following files:
- [redacted].xls
- [redacted].pdf
- [redacted].docx
[Qilin] — 6.02.2025 21:56:52 — Message 9/36
We will do it as soon as possible.
[Qilin] — 6.02.2025 23:16:34 — Message 10/36
[redacted].docx (0.032 MB)
[Qilin] — 6.02.2025 23:17:11 — Message 11/36
[redacted].xls (0.039 MB)
[Qilin] — 6.02.2025 23:17:24 — Message 12/36
[redacted].pdf (0.484 MB)
[20250203 From @Rakeshkrish12] — 7.02.2025 22:41:36 — Message 13/36
ok, so next I'm suposed to send you encrypted files? How am I supposed to get to those when you've encrypted the server?
[Qilin] — 7.02.2025 22:46:12 — Message 14/36
In order for you to make sure that we can really help you decrypt all your files and prevent all your information from going online - you can offer us some test files ... and we will decrypt them. After full payment you will get a full activation key to your computers and forget about us forever.
[20250203 From @Rakeshkrish12] — 8.02.2025 21:18:21 — Message 15/36
ok, I need to get with out team when they're back on Monday to see what we're able to get and send to you
[Qilin] — 8.02.2025 21:34:31 — Message 16/36
On Monday we are waiting.
[20250203 From @Rakeshkrish12] — 10.02.2025 22:33:30 — Message 17/36
What kind of files are we allowed to upload? All we've been able to get are some encrypted log files, will that work?
[Qilin] — 10.02.2025 23:55:52 — Message 18/36
You can select 2-3 random files from the list, and we will upload them to this chat as proof of availability. To prove that we can decrypt your data correctly, you can upload 2-3 encrypted files to our chat, and we will upload the decrypted copies back
[20250203 From @Rakeshkrish12] — 11.02.2025 3:7:3 — Message 19/36
Please decrypt the following files:
[20250203 From @Rakeshkrish12] — 11.02.2025 3:7:18 — Message 20/36
[redacted] (0.555 MB)
[20250203 From @Rakeshkrish12] — 11.02.2025 3:7:32 — Message 21/36
[redacted] (0.238 MB)
[20250203 From @Rakeshkrish12] — 11.02.2025 3:7:43 — Message 22/36
[redacted] (0.239 MB)
[Qilin] — 11.02.2025 10:47:46 — Message 23/36
[redacted].log (0.551 MB)
[Qilin] — 11.02.2025 10:47:53 — Message 24/36
[redacted].log (0.234 MB)
[Qilin] — 11.02.2025 10:47:57 — Message 25/36
[redacted].log (0.234 MB)
[20250203 From @Rakeshkrish12] — 12.02.2025 14:7:45 — Message 26/36
Thank you. We are considering your demands, is there any way you could provide a discount to your price?
[Qilin] — 12.02.2025 14:10:48 — Message 27/36
As a sign of goodwill and quick closing of the deal, we are ready to give a 10% discount and stop at the price of 63,000 dollars. You can pay this amount as we have reviewed your financials. Talk to the management and pay, after payment you will get everything you agreed on.
[20250203 From @Rakeshkrish12] — 13.02.2025 13:48:56 — Message 28/36
Understood. If we only require either the decryptor or confidentiality, would the cost be adjusted accordingly?
[Qilin] — 13.02.2025 13:51:54 — Message 29/36
Understand that we don’t have something that requires you to pay separately for something. Any payment includes all our terms and conditions. It depends whether you need decryption or not. Should your data be deleted or not, etc. Everything is included in the complex. Hurry up, there is very little time left.
[20250203 From @Rakeshkrish12] — 14.02.2025 15:16:43 — Message 30/36
That makes sense. We have some key decision makers that are flying in to discuss your deal. We expect to have an update for you early next week.
[Qilin] — 14.02.2025 16:16:45 — Message 31/36
As we see that you are interested in making a deal as soon as possible, we do for you an exception and extend the timer till the 19th of February for you to make a decision with your management and inform us about the payment. Please, don't delay with it, otherwise we will return with the tools which are stronger. You must understand that as the timer will expire we will post your files on our blog.
[20250203 From @Rakeshkrish12] — 19.02.2025 17:4:56 — Message 32/36
Our apologies, we are awaiting a decision from leadership. Can we have one more day to consider your offer?
[Qilin] — 19.02.2025 17:8:38 — Message 33/36
we extended the timer for 24 hours.
[Qilin] — 20.02.2025 18:27:40 — Message 34/36
So you just had a meeting about finances. What do you have to offer? We are willing to make an additional discount and accept payment from you today. The price will be 60,000 dollars. That's a very good discount. We're ready to make the deal today and start rebuilding you. It's up to you. Time is running out today.
[Qilin] — 26.02.2025 12:58:15 — Message 35/36
We see that you are not interested in the security of your patients and choose to play the silent way. Tommorow we will publish a press relise about you on our blog, and in a couple more days all of your data will become public. You still have time to start collaborating and do it without any attention from the press and the public.
[Qilin] — 26.02.2025 12:59:41 — Message 36/36
[REDACTED URL]