Negotiation Chat — Conti

Negotiation chats provided by Valéry Marchive and Julien Mousqueton.

Chat ID: 20210513

Victim
readme.txt [ 1kB ]
5/13/2021, 1:44:20 PM
Victim
Waiting for instructions
5/13/2021, 1:44:40 PM
Welcome! [redacted]
5/13/2021, 1:46:02 PM
Gang
You need pay for decrypt your files. Your price is 200.000$
5/13/2021, 1:48:11 PM
Gang
Your network was hacked, workstations encrypted and we downloaded many private information from your servers. Note that we have also downloaded a lot of data from your network that in case of not making payment will be published on our website. If you will spend 3 days in silence we will start publishing the information.
5/13/2021, 1:48:27 PM
Gang
Your price for non-recoverable deletion of all the leaked information, and decryptor for your network is $200.000
5/13/2021, 1:48:56 PM
Gang
Victim
Sorry for the delay, we've been having a lot of internal meetings and want to work with you.
5/17/2021, 1:00:32 AM
We understand your problems. But we also see your turnover and the amount of information we downloaded from your network. Your losses, if the information reaches the public, will be tens of times more than we asked. Make your offer, you haven't given a single digit yet.
5/17/2021, 11:24:20 AM
Gang
Victim
Okay; as part of our conversations last night I was told to ask about getting a sample of data you might have taken
5/17/2021, 2:45:15 PM
We have your accounting, legal documents, finance, contracts and personal correspondence, DB, that's all I can say. It's about 50 Gigabyte. You will receive a complete list of files after payment as well as a log of their removal from our server.
5/17/2021, 8:32:51 PM
Gang
[redacted]_proof.7z [ 3.1MB ]
5/17/2021, 8:33:17 PM
Gang
Proof Pack. Pass: 123123
5/17/2021, 8:33:41 PM
Gang
We will also try to find a buyer for your data and access to your network if you refuse to pay.
5/17/2021, 8:34:23 PM
Gang
Victim
Thank you; I will let my boss know. We want to work with you.
5/17/2021, 11:17:40 PM
Victim
We've been having some internal meetings and discussions and would like to make an offer of $22k
5/18/2021, 1:49:16 AM
Victim
Just wanted to follow up on this.
5/18/2021, 3:58:34 PM
Your offer has been rejected. Make a more reasonable offer based on our offer.
5/18/2021, 4:12:29 PM
Gang
Victim
I've gone back to my boss and management, they understand the importance. We would like to extend an updated offer to $45K USD
5/18/2021, 6:29:00 PM
Well, we see constructive dialogue and make a discount. Your new price is $170,000.
5/18/2021, 8:13:32 PM
Gang
Victim
Let me check with my boss to what more we can offer, as that's still a lot of money for us.
5/18/2021, 9:17:28 PM
Victim
Just spoke with my boss and management was able to come up with some additional funds to make an offer of $62k
5/18/2021, 11:54:11 PM
Victim
Following up on the offer of $62k
5/19/2021, 1:52:10 AM
Well, we see constructive dialogue and make a discount. Your new price is $138,000.
5/19/2021, 8:16:02 AM
Gang
Victim
Let me talk to my boss, I will get back to you later this morning.
5/19/2021, 12:35:37 PM
Well, we are waiting, do not delay, this will entail negative consequences of publication.
5/19/2021, 12:36:24 PM
Gang
Victim
I was told to ask, if you can provide proof of decryption. Do I just upload a couple documents?
5/19/2021, 3:28:13 PM
Victim
[redacted].pdf.[redacted] [ 529kB ]
5/19/2021, 3:32:49 PM
Victim
Inventory Report [redacted].htm.xlsx.[redacted] [ 13kB ]
5/19/2021, 3:33:54 PM
Victim
[redacted] reimbursement Spreadsheet 7-29-2019.xlsx.[redacted] [ 11kB ]
5/19/2021, 3:34:00 PM
Victim
Hello?
5/19/2021, 4:55:17 PM
Victim
Have you gotten my messages?
5/19/2021, 7:54:45 PM
Wait.
5/19/2021, 9:58:00 PM
Gang
[redacted] reimbursement Spreadsheet 7-29-2019.xlsx [ 11kB ]
5/19/2021, 10:04:28 PM
Gang
Inventory Report [redacted].htm.xlsx [ 12kB ]
5/19/2021, 10:04:36 PM
Gang
[redacted].pdf [ 528kB ]
5/19/2021, 10:04:48 PM
Gang
Victim
Thank you; I'll let my boss know
5/19/2021, 10:05:13 PM
Well, we are waiting, do not delay, this will entail negative consequences of publication.
5/19/2021, 10:05:44 PM
Gang
Victim
Should have a response here shortly, I know we have been discussing internally and trying to come up with some additional funds.
5/19/2021, 10:05:56 PM
Victim
We would like to make an additional offer; $74k
5/19/2021, 10:09:39 PM
Victim
Just wanted to follow up on the new offer of $74K
5/19/2021, 11:27:51 PM
Victim
?
5/20/2021, 12:35:45 AM
Victim
Also, what would be the BTC Wallet for payment?
5/20/2021, 1:13:13 AM
Victim
Also, would we be able to get access to the data you have taken? Or something else like a file Tree?
5/20/2021, 9:38:47 AM
Your price for file tree & non-recoverable deletion of all the leaked information, and decryptor for your network is $100.000. And we agree. We will not be able to make less than this proposal. Think about it.
5/20/2021, 10:29:48 AM
Gang
BTC Wallet: [redacted]
5/20/2021, 10:30:36 AM
Gang
Victim
If we can get payment over today, when should we expect the decryption key? I know comms have been rather slow.
5/20/2021, 10:51:45 AM
You'll get everything within 24 hours after payment.
5/20/2021, 11:08:21 AM
Gang
We'll try to give it all out quickly.
5/20/2021, 11:09:27 AM
Gang
Victim
Is there a leak site we can check that you guys would publish to?
5/20/2021, 11:17:18 AM
http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/
5/20/2021, 11:20:31 AM
Gang
Victim
Thank you;
5/20/2021, 11:22:33 AM
Victim
Just got confirmation from my boss, we are working to make the $100k payment.
5/20/2021, 12:27:41 PM
Okay, we're waiting.
5/20/2021, 4:10:34 PM
Gang
Victim
This is still the BTC Wallet Correct: [redacted]
5/20/2021, 6:44:09 PM
BTC Wallet: [redacted]
5/20/2021, 6:49:49 PM
Gang
Victim
Confirmation #: [redacted]
5/21/2021, 12:18:25 AM
Victim
Can you confirm payment? When should we expect the decryption key?
5/21/2021, 10:57:35 AM
[redacted]_decryptor.exe [ 103kB ]
5/21/2021, 11:45:56 AM
Gang
Decryptor: 1) Launch the decryptor under Administrative rights 2) Wait till the decryptor window is closed 3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
5/21/2021, 11:46:42 AM
Gang
The file tree and deletion log are expected to be checked out within 24 hours.
5/21/2021, 6:58:07 PM
Gang
Victim
Thank you
5/21/2021, 9:41:26 PM
Wait
5/22/2021, 1:12:01 AM
Gang
Victim
We have files that won't decrypt on several systems. I'm providing a few of those samples if you can update the decryption tool.
5/23/2021, 1:21:26 AM
Victim
[redacted]_.GIF.[redacted] [ 5kB ]
5/23/2021, 1:21:32 AM
Victim
[redacted].cab.[redacted] [ 8.6MB ]
5/23/2021, 1:22:16 AM
Victim
[redacted]_.WMF.[redacted] [ 6kB ]
5/23/2021, 1:22:25 AM
Victim
How long till we can get an updated decryption tool and file-tree & deletion of file-tree
5/24/2021, 2:35:35 PM
This 3 files are decrypted, just remove .[redacted] extension
5/24/2021, 7:05:57 PM
Gang
Victim
Your decryption tool left the extension to thousands, how do we go about removing the extension to thousands of files without potentially corrupting files that might still need to be decrypted.
5/24/2021, 8:05:36 PM
Try to run the decryptor again
5/24/2021, 8:24:15 PM
Gang
Victim
We did 3-4 times
5/25/2021, 1:31:04 PM
Victim
Any news on the updated decryption tool and file deletion?
5/25/2021, 7:51:14 PM
[redacted]_tree.zip [ 76kB ]
5/25/2021, 9:13:18 PM
Gang
SHRED_[redacted].zip [ 739kB ]
5/25/2021, 9:13:24 PM
Gang
file list and delete log
5/25/2021, 9:13:33 PM
Gang
Victim
Thank you; what about an updated decryption tool
5/26/2021, 12:32:09 AM
Victim
Really need that updated decryption tool. I've got thousands of files that I can't use and if I self remove thousands of extensions I fear that the files will be corrupted. You promised a working decryption key.
5/27/2021, 8:23:28 PM
Victim
I'm reaching out to the bigger Conti group.
5/28/2021, 8:39:31 PM