// Context
About This Negotiation
This transcript documents a trinity ransomware negotiation with 0002.
The negotiation consisted of 52 messages exchanged over Unknown.
The initial ransom demand was $17,000. The final outcome is not confirmed in the transcript.
// Primary Source
Full Transcript — Verbatim
Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.
Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at
enquiries@binary-response.com — we will act promptly.
[0002] — — Message 1/52
.
[0002] — — Message 2/52
Hello
[0002] — — Message 3/52
[REDACTED URL]
[trinity] — — Message 4/52
hello
[trinity] — — Message 5/52
you need to decrypt files?
[0002] — — Message 6/52
YES. whats the price and process ?I have attched a file as well
[trinity] — — Message 7/52
price 20 000$
[trinity] — — Message 8/52
after payment you will receive the decryption program, and the NAS password
[trinity] — — Message 9/52
will you be paying?
[0002] — — Message 10/52
Can you lower the price ? And show me the sample file
[trinity] — — Message 11/52
if you pay today. we
are ready to make the price 17000$ you need to pay in bitcoin wallet
[redacted] 0.26 bitcoin if you agree we
will make a test
[trinity] — — Message 12/52
?
[trinity] — — Message 13/52
we're waiting to hear back from you
[trinity] — — Message 14/52
[REDACTED URL] test file
[trinity] — — Message 15/52
will you be paying?
[0002] — — Message 16/52
sorry. we had some
problems with our systems and just now were able to get back in. do you
still have the decrypotion program and NAS password available?
[trinity] — — Message 17/52
hi
[trinity] — — Message 18/52
yes
[trinity] — — Message 19/52
[redacted]
[trinity] — — Message 20/52
wallet
[trinity] — — Message 21/52
will you be paying?
[trinity] — — Message 22/52
will you be paying?
[0002] — — Message 23/52
Sorry for the delays here. Is the price still $17,000 USD?
[trinity] — — Message 24/52
[redacted]
[trinity] — — Message 25/52
yes pay
[trinity] — — Message 26/52
0.3 bitcoin
[0002] — — Message 27/52
Can yopu please
accept 0.25 BTC if we pay today? We have to pay the broker for the
bitcoin so altogether it will cost us more than $17K. Thank you.
[0002] — — Message 28/52
Can you please
accept 0.25 BTC if we pay today? We have to pay the broker for the
bitcoin so altogether it will cost us more than $17K. Thank you!
[trinity] — — Message 29/52
0.28 ok
[trinity] — — Message 30/52
when can I expect payment from you?
[0002] — — Message 31/52
Our managers have agreed to the 0.28 BTC payment. We are starting the process now.
[trinity] — — Message 32/52
ok
[trinity] — — Message 33/52
we're waiting
[0002] — — Message 34/52
txid: [redacted]
[trinity] — — Message 35/52
NAS password [redacted]
[trinity] — — Message 36/52
to make a decriptor send us 4-5 files (1-10mb)
[trinity] — — Message 37/52
use [REDACTED URL]
[0002] — — Message 38/52
[REDACTED URL]
[0002] — — Message 39/52
[REDACTED URL]
[0002] — — Message 40/52
[REDACTED URL]
[trinity] — — Message 41/52
before running decrypt.exe Make a copy of important files!!! if decryption goes wrong, so that it can be restored.
[trinity] — — Message 42/52
[REDACTED URL]
[trinity] — — Message 43/52
password 123
[trinity] — — Message 44/52
download and run as administrator, the program will decrypt all files automatically
[0002] — — Message 45/52
please send the password for the decrypt.zip file. thank you.
[trinity] — — Message 46/52
123
[trinity] — — Message 47/52
password 123
[trinity] — — Message 48/52
123
[trinity] — — Message 49/52
password 123
[trinity] — — Message 50/52
123
[trinity] — — Message 51/52
password 123
[trinity] — — Message 52/52
/Password 123