Negotiation Chat – Akira
Chat ID: 20250417
Hello - what is happening ? we have your note everywhere on our systems and cannot use them
hello?
Hello. You've reached an Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get a response you will be provided with all the details.
Yes I am authorized to speak to you. I need approval from the owners on financial discussions but will be the only one you are communicating with
We didn't take your data. We are the ones who can properly decrypt your data and restore your infrastructure in a short period of time.
After payment you will receive a decryption tool for each of your systems and manual on how to use it for particular file/system. If you face any problems during decryption process, we will be here to support. You will receive a security report that includes information about how we were able to penetrate your network, as well as exclusive first-hand information about the state of your network, the vulnerabilities that we found. What's more, you'll receive high-quality technical recommendations on eliminating any vulnerabilities and strengthening your network to secure your internal and external infrastructure.
You will also receive written guarantees that we will keep this conversation private, and delete this chat later. We won't come back for more money after payment and we won't attack you again. The price is $200,000. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back. Let us know asap if your leadership is going to work with us.
I have spoken to the owners. There is absolutely no way we can pay anywhere near that ammount. We are just getting ready for our busy time of year where we make enough money to last the rest of the year. You attacked us before we made any money and we have nothing. It has been the slow time of the year for business for the last 6 months and we are down to almost no money. We want to work with you and get back in business so we can make money but there is no way that we can pay that amount. Or any amount even close to that
Sad to hear that.
Sad? You are going to put us out of business? We have nowhere near that type of money.
We are a small private business, not some huge company. You just made up a number and expect us to have that type of money?
This is a fair price for a company like yours. So, what do you offer?
How do you think this is fair. what do you mean a company like ours? No one here even makes that much in a year.
The most we have is 10 to 15 thousand and we may be able to borrow a little more. but as I said we are a small business that has been in the slow period of the work for over half a year. We are just starting our busy time to make enough to last us the rest of the year.
You can be 100% sure we will not agree to $15,000 or so. We do not work with 5 figures. Let us know your final number and we will decide if a deal is possible.
so you just randomly attack a business, make a number up that you think they have and expect them to pay it. Or you shut us down and we go out of business? How is that right? We understand you did work to make this happen and need to be paid but we do not have anywhere near that type of money. We could borrow a little from the bank but that is all, maybe double the 10,000 to 20,000 but we cannot come up with anything near what you are asking.
We do not ask for what you cannot afford. $20,000 won't help. $150,000 is our revised number for you.
We can not afford that. What makes you think we can.
The owner is talking to the bank this morning and seeing if there is anything they can do, but they have told him at the most it would be 10,000 usd loan to him.
Why do you think we have so much money. I have been telling you that we are a business that makes money from April until September. You attacked us at the very end of the slow time, we have nothing.
Let us know when you you have something interesting for us.
We are not trying to be rude or difficult. But here are the facts. The owner has talked to the bank. He has 10,000 USD is the business bank account right now, the bank will loan him another 10,000 USD and he can borrow from family as well as use his personal money for another 5,000 USD. That is all he has. We can pay you 25,000 USD and that is all there is. There is no other offer. He will shut down the business and close doors Monday if we are not open. There is no more money to find or get. Please take the $25,000 USD he is able to get or you are just putting us out of business and people lose thier jobs. We cannot offer more, and he cannot come up with more. If you say no we have no more negotiations and will close business. Take what he can give and make some money for it. We are a very small business and this is almost 25% of all the money he makes in a year.
If you do not accept this, we are closing our doors and will be out of business on monday. You do not attack to put people out of business but that is exactly what will happen here. There is no higher ammount we can offer or give and you will put families with no money if you cannot take this. Please do not make us close our business it is small but it is all we have
We both know you won't close your business. The leadership said that if you double your offer, we will see what we can do for you to finish the case peacefully.
Actually we will. You know we have very old systems and we cannot afford to upgrade them. We do not have any backups and we cannot work at all. The busy season starts this week in usa for our business and if we cannot work our clients will leave and go elsewhere. there is nothing keeping them with us.
Can you answer a question for us? Do you know what type of business we are? What we do?
We are a [redacted] firm. In USA everyone [redacted].. that is in 3 days. IF we are not open, we go out of business. [redacted]We make our money and then save and do a little bit of work the rest of the year. You hit us JUST BEFORE WE GET OUR CUSTOMERS. I am sorry. But if you cannot accept the offer, we have no choice but to go out of business. People [redacted] and they will go somewhere else in 3 days. You will actually shut us down.
You got several loans from [the] bank for over $200,000 and now you say you can't find anything over $10,000 to save your business. That doesn't sound like the truth. We're waiting for a better offer from you to solve this problem. And we hope you will be honest with us.
Those were to keep us going .. you hit us in the very end of the slowest time of the year. We start making money in the next 2 days. And we are being honest with you. That is all we have and all we can get
The bank wont lend if we do not have the income coming in to show them.. and we do not have hardly anything for the last 6 months. [redacted] We will make most if not all of our money in the next 3 to 4 months
It seems we won't be able to help. Hope you will find the way to gather a reasonable amount.
I spoke to the owner. That loan is not for 200,000 USD - There has NEVER been a business loan taken out before. That loan is for the owners house and is a home loan, we cannot borrow any more money from the bank. We have been honest with you.
Please you cannot just shut us down and put us out of business. We have to be open on Monday to start getting rady for the busy season. The bank will only lend him 10,000 USD on the business because it is so small and so few employees. We can pay you the 25,000 USD. We have not been lying to you. Please do not make us go out of business. We can transfer the money tommorrow and still save our company. You will get money for your work you did, and we can stay in business.
Please help us and tell us what we need to do to keep our company open. We cannot make up any more money.
Again. We won't accept $25,000. Our bottom line is $75,000.
But we do not have that. We cannot make that payment. You are just shutting us out of business. We cannot make money magically appear.
Let us know when you have a better number.
The leadership has decided to accept $25,000 and let you be. Here is our BTC wallet [redacted]. Let us know when you are ready to make payment.
THANK YOU I am telling the owner now. We will see when we can send it
What's your progress?
We are filing extensions on all our clients until we get the servers decrypted. This is a process in USA where we tell the government we need more time. We lost a lot of clients but can stay in business. The owner has gone to the bank and they are finishing the loan. It will take a day or two to get it. But we will be sending the 25,000 in the next couple of days. It is very busy today at work. We need to know how to send you files to show you can decrypt them.
We should have the loan from the bank in the next 2 or 3 days. and are busy telling our customers we are filing extensions for free with the government until our servers work again.
We can wait till Friday the latest.
vmware-14.log.akira // 1.99 MB
vmware-13.log.akira // 1.99 MB
We have the loan from the bank. Please decrypt these and tell us where to send the money and how
decrypted.7z // 198 KB
You can review. Here is the BTC wallet [redacted]. To gain bitcoins you need to go to any exchange platform as binance or coinbase. Here are the guides: https://www.coinbase.com/how-to-buy/bitcoin
https://www.binance.com/en/how-to-buy/bitcoin You also can buy bitcoin from any local brokers. Keep us posted on your progress.
We are ready to send the Bitcoin. Are you online and ready to receive.
will we get the decryptor right away from you and will it work on all our systems the VMDK as well as the servers that were there?
hello?
You will receive our tool immediately and your systems will be recovered quickly. You can make a test payment, if ready.
what do you mean a test payment
Send a small amount just to be sure everything is ok with the wallet.
test payment sent please confirm amount received.
0.00001 received. You can proceed with the rest.
This is sent in full please provide the decryptor
unlocker.7z // 1.77 MB
unlocker.exe -p="path_to_unlock"
unlocker.exe -s="C:\paths.txt"
where "paths.txt" is a list of paths for the decryptor, each path on a new line
ESXi commands
1) chmod +x unlocker
2) ./unlocker -p="/vmfs/volumes"
Can you tell us how you attacked us? how did you get into our systems and what we need to do to make sure this does not happen again?
Initial access to your network was purchased on the dark web. Then kerberoasting was carried out and we got passwords hashes. Then we just bruted these and got domain admin password. Spending weeks inside of your network we've managed to detect some fails we highly recommend to eliminate: 1. None of your employees should open suspicious emails, suspicious links or download any files, much less run them on their computer.
2. Use strong passwords, change them as often as possible (1-2 times per month at least). Passwords should not match or be repeated on different resources.
3. Install 2FA wherever possible.
4. Use the latest versions of operating systems, as they are less vulnerable to attacks.
5. Update all software versions.
6. Use antivirus solutions and traffic monitoring tools.
7. Create a jump host for your VPN. Use unique credentials on it that differ from domain one.
8. Use backup software with cloud storage which supports a token key.
9. Instruct your employees as often as possible about online safety precautions. The most vulnerable point is the human factor and the irresponsibility of your employees, system administrators, etc. We wish you safety, calmness and lots of benefits in the future. Thank you for working with us and your careful attitude to your security.