// Ransomware Negotiation Transcript

trinity Ransomware Negotiation — 0011

50Messages
UnknownDuration
UnknownInitial Demand
UnknownOutcome
// Context

About This Negotiation

This transcript documents a trinity ransomware negotiation with 0011. The negotiation consisted of 50 messages exchanged over Unknown.

The initial ransom demand was Unknown. The final outcome is not confirmed in the transcript.

// Primary Source

Full Transcript — Verbatim

Reproduced from Casualtek's Ransomchats archive. URLs have been redacted.

Victim names are shown only where the breach was publicly reported in mainstream media. Any organisation wishing their name redacted can contact us at enquiries@binary-response.com — we will act promptly.
[0011] — — Message 1/50
hi we have crypted files,... can you help us?
[trinity] — — Message 2/50
Hello, yes we can
[trinity] — — Message 3/50
Price for 1 pc - 0.25 btc (bitcoin)
[0011] — — Message 4/50
what do you need?
[trinity] — — Message 5/50
You pay, we give you a decryption program.
[0011] — — Message 6/50
How many just for one pc
[0011] — — Message 7/50
How many just for one pc
[trinity] — — Message 8/50
1 pc - 0.25 btc (bitcoin)
[trinity] — — Message 9/50
Bitcoin wallet [redacted]
[0011] — — Message 10/50
We are a Tunisian company
[0011] — — Message 11/50
We do not have the support to pay in bitcoin because the tunisian state blocks this type of transaction
[0011] — — Message 12/50
can you help us?
[trinity] — — Message 13/50
SERVTUNISIE.[redacted].local [redacted] C:\476 D:\558 F:\931 [redacted]
[trinity] — — Message 14/50
your coworkers have already bought two keys ask them or search for how to buy bitcoin in your country.
[trinity] — — Message 15/50
[redacted]@gmail.com their mailing address
[0011] — — Message 16/50
my boss is currently traveling, as soon as he returns, we will come back to you for a better solution
[0011] — — Message 17/50
Please help us to recover some minimum documents
[trinity] — — Message 18/50
price 0.25 bitcoin for 1 ID
[0011] — — Message 19/50
hi, we would like information about uncrypt,, can i uncrypt file on other computer (of course if we pay) or it is only possible on orginal computer?
[0011] — — Message 20/50
[trinity] — — Message 21/50
yes
[trinity] — — Message 22/50
pay and we'll give you a decoder.
[trinity] — — Message 23/50
the file can be decrypted on any computer
[0011] — — Message 24/50
[trinity] — — Message 25/50
?
[trinity] — — Message 26/50
when can I expect payment from you?
[0011] — — Message 27/50
we have some problem to have bitcoin, in tunisia it is very difficult
[0011] — — Message 28/50
and the value is very hight
[0011] — — Message 29/50
we need only 2 files inside the PC it is possible to have only for it with discount price
[trinity] — — Message 30/50
0.25 bitcoin minimum price
[trinity] — — Message 31/50
wallet [redacted]
[0011] — — Message 32/50
ok so 0.25 bitcoin is for one PC?
[trinity] — — Message 33/50
yes
[0011] — — Message 34/50
if i pay this evening, you send decryptor under 1 hours or no?
[trinity] — — Message 35/50
yes
[0011] — — Message 36/50
please confirme wallet
[trinity] — — Message 37/50
[redacted]
[trinity] — — Message 38/50
[redacted]
[0011] — — Message 39/50
we have pay,...[REDACTED URL]
[0011] — — Message 40/50
we have pay,...[REDACTED URL]
[0011] — — Message 41/50
file crypted for define decryptor [REDACTED URL]
[trinity] — — Message 42/50
10 min
[trinity] — — Message 43/50
[REDACTED URL]
[trinity] — — Message 44/50
password 123
[0011] — — Message 45/50
we have problem my VHDX files are now uncrypted, but inside all files are always crypted?
[trinity] — — Message 46/50
send me one file
[0011] — — Message 47/50
[REDACTED URL]
[0011] — — Message 48/50
please try to do fast
[trinity] — — Message 49/50
SERVTUNISIE [redacted] C:\476 D:\558 F:\931 [redacted]... serveur-3cx [redacted] SERVTUNISIE [redacted] C:\476 D:\558 F:\931 [redacted]... SERVFICHIERTN [redacted] C:\126 D:\126 E:\99.9 F:\99.9 G:\99.9 H:\99.9 I:\99.9 J:\99.9 K:\99.9 L:\99.9 M:\99.9 N:\99.9 O:\399 Q:\99.9 R:\2.99 T:\109 U:\126 [redacted]... SERVTUNISIE.[redacted].local [redacted] C:\476 D:\558 F:\931 [redacted]... [redacted] [redacted] C:\278 D:\727 E:\390 F:\223 G:\953 H:\953 J:\279 V\5.4Tb [redacted]... [redacted] [redacted] [redacted] [redacted] [redacted] [redacted] [redacted]... [redacted] [redacted] C:\278 D:\727 E:\390 F:\223 G:\953 H:\953 J:\279 V\5.4Tb [redacted]... [redacted] [redacted] [redacted] [redacted] C:\126 [redacted]... [redacted] [redacted] [redacted] [redacted] C:\126 [redacted]... serv-data [redacted] C:\476 D:\279 E:\953 F:\1.86Tb G:\1.86Tb H:\250 I:\109 J:\199 K:\126 L:\299 M:\59.9 O:\558 P:\299 Q:\9.98 W:\299 [redacted]... [redacted]-[redacted] [redacted] C:\237 [redacted]... SERVFRANCE [redacted] FR-001 [redacted] C:\222 [redacted]... [redacted]-[redacted] [redacted] C:\222 [redacted]... FR-010 [redacted] C:\137 D:\100 [redacted]... SERVEUR-3CX [redacted] Pc-[redacted].[redacted].local [redacted] PC_TEST [redacted] C:\140 E:\465 [redacted]... SERV-DATA [redacted] SERVFRANCE [redacted] Serveur-fichier [redacted] SAUVE-SERV [redacted] C:\126 E:\199 [redacted]... SERVEUR-RDS [redacted] SERV-DATA [redacted]
[trinity] — — Message 50/50
you have a lot of ID this file with a different key you didn't pay for it buy all remaining IDs at a discounted price 0.5 for all
// Analysis

Analyst Observations

Facing a Ransomware Demand?

Whether you choose to negotiate or refuse — having specialists in the room changes the outcome.

⚡ Contact Us Now Our Negotiations Service →