// Context
About This Negotiation
This transcript documents a REvil ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 13 messages exchanged over an unknown period.
The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[Victim] — 25 days ago — Message 1/13
Hi. So how can you help?
[REvil] — 25 days ago — Message 2/13
The system works as follows: you transfer the amount in crypt currency Monero (XMR) to the wallet specified on your page.
After payment you receive:
- Universal decryptor for your all network
- The complete deletion of all your files with our warranty not to use the data for any purpose.
- Deleting blog
- 100% confidentiality of this incident and all terms of the transaction on our part.
[Victim] — 24 days ago — Message 3/13
How do we know that what you have is worth the money?
[REvil] — 23 days ago — Message 4/13
Wait for answer.
[Victim] — 23 days ago — Message 5/13
Waiting
[REvil] — 22 days ago — Message 6/13
I provide you additional proofs below and recommend you hurry up with decision, because payment procedure can takes time.
If you don't pay, your files will be published to the blog and shared to media, other data will be sold. Anyway it will influence to your reputation, think about your customers and fines and other troubles waiting for you. We offer you solution to avoid everything of this.
[Victim] — 22 days ago — Message 7/13
Password?
[REvil] — 21 days ago — Message 8/13
Password: 123123
[Victim] — 21 days ago — Message 9/13
Thanks
[REvil] — 21 days ago — Message 10/13
How much time will it take you to make the payment?
[REvil] — 18 days ago — Message 11/13
Hello, we are tired of waiting for you, if there is no response from you in a day, we will publish screenshots of some of your files for the media - this will be the first warning for you.
But even if it does not affect you, we will publish all your data. We recommend that you make a decision.
[Victim] — 15 days ago — Message 12/13
can we get more time ?
[REvil] — 15 days ago — Message 13/13
Hello
We see no attempts on your part to engage in a serious conversation.
If you do not pay, your files will be published on the blog and transferred to the media, the rest of the data will be sold. In any case, it will affect your reputation, think about your clients, fines and other troubles awaiting you. You will not have more time if we do not see the prepayment.