// Context
About This Negotiation
This transcript documents a REvil ransomware negotiation with a redacted victim organisation.
The negotiation consisted of 15 messages exchanged over Unknown.
The initial demand is not clearly stated in the transcript. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[Victim] — 6 days ago — Message 1/15
You have our files?
[REvil] — 6 days ago — Message 2/15
Hello , yes.
[Victim] — 6 days ago — Message 3/15
Please show this proof. Then we discuss price.
[REvil] — 6 days ago — Message 4/15
wait for answer.
[Victim] — 6 days ago — Message 5/15
Yes
[REvil] — 6 days ago — Message 6/15
This is a random group of files from our huge collection.
[Victim] — 6 days ago — Message 7/15
This is not special files. We do not care about this. Show us something more you have. This is SHIT!
[REvil] — 6 days ago — Message 8/15
What kind of files do you call "special"? Can you be a bit more
specific. We've got plenty of your files, but we can't know what exactly
to pick to satisfy you. We've got your financial files, personal
information of all of your employees and clients, engineering and etc.
If all this data will be published, believe us, it will cause a way more
damage than the price we want.
[REvil] — 6 days ago — Message 9/15
By concluding a deal with us, you receive a decryptor file for all your
data, we completely delete all your data from our servers, and
guarantee you complete confidentiality about the incident. Your
reputation will not be affected. You also get a brief audit of an attack
on your network, which will allow you to further reduce the risk of
such incidents recurring.
[Victim] — 6 days ago — Message 10/15
Thank you for that information. But please understand that our business
has been impacted severely by Covid and revenue is down over the last
year and we cannot afford anywhere near your demand. We need only one
machine to recover and ask if you can please reconsider to give us a
much better price?
[REvil] — 6 days ago — Message 11/15
My boss is ready to listen to your suggestion.
[REvil] — 5 days ago — Message 12/15
The price is set after a financial audit of your company. We understand
the situation with COVID, so we are ready to hear your proposal for a
price. But please note that we do not expect a low price from you. Don't
forget that we have your financial statements when you make your bid.
[REvil] — 3 days ago — Message 13/15
we remind you that in case of non-payment the timer will double the payment amount.
[REvil] — 1 day ago — Message 14/15
Hey! Do you have any news for us, guys?
[REvil] — 21 hours ago — Message 15/15
Hello! You data is ready to be published. You can press the link and
see what we've got. It's just an example of what we have. The full blog
will be published after three days.
[REDACTED URL]