// Context
About This Negotiation
This transcript documents a REvil ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 23 messages exchanged over Unknown.
The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — 21 days ago — Message 1/23
How can i trust that if i pay, you will provide the decryptor? How long
does the process take to get the decrpytor and how long then will it
take me to decrypt the files?
[REvil] — 21 days ago — Message 2/23
Hello. The decryptor is obtained automatically after payment.
[REvil] — 21 days ago — Message 3/23
Also, you can read about us in the internet who we are, there enough information that will get you out of any doubt.
[Victim] — 21 days ago — Message 4/23
Some of the read me files have different text in them, will the decyptor decrypt them all?
[REvil] — 21 days ago — Message 5/23
Yes.
[REvil] — 20 days ago — Message 6/23
Hello
[Victim] — 14 days ago — Message 7/23
Hi, how can be sure if payment is made that the decrypting software will be provided?
[REvil] — 14 days ago — Message 8/23
We value our reputation and we have proved ourselves over a long period
of time. We have a 100% guarantee after the transaction is completed
that you will receive the decryptor and your data and information about
you will be immediately deleted.
[Victim] — 14 days ago — Message 9/23
Can I upload you a file to prove that you can decrypt it?
[REvil] — 14 days ago — Message 10/23
Yes
[Victim] — 14 days ago — Message 11/23
Here is the file
[REvil] — 14 days ago — Message 12/23
File
[Victim] — 14 days ago — Message 13/23
Yes it works. I will try to find a way to buy xmr.
[REvil] — 14 days ago — Message 14/23
Or u can simply buy monero on this exchanges and withdraw on ur own wallet and send to us.
[REDACTED URL]
[REDACTED URL]
[REDACTED URL]
[REDACTED URL]
and there are all of the ways to get monero
[REDACTED URL]
[Victim] — 14 days ago — Message 15/23
Now I see that some of the files are deleted. How to restore them?
[Victim] — 14 days ago — Message 16/23
All this exchanges that you sent require a lot of time to transfer fiat
and buy XMR on them. I'm trying to find a faster way. Can you postpone
the time for payment a little bit?
[REvil] — 14 days ago — Message 17/23
Okay , we added.
[Victim] — 14 days ago — Message 18/23
Ok thanks
[REvil] — 14 days ago — Message 19/23
Waiting for 10 confirmations by Monero system, it takes ~30 min
[Victim] — 14 days ago — Message 20/23
We just paid
[Victim] — 14 days ago — Message 21/23
Ok, now I have access to decryptor. But when I log on to the machine it
is locked and there is a screen to enter password, what is it?
[REvil] — 14 days ago — Message 22/23
password- [redacted]
[Victim] — 14 days ago — Message 23/23
it works thanks