
Negotiation Chat – REvil

Chat ID: 20210609

Hello, We are REvil Group. We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $300,000. Now we're keeping it a secret, but if you do not reply us within 3 days it will be posted on our news-site. Think about the financial damage to your stock price from this publication. In case of successful negotiations we guarantee that you will get decryptors for all your machines, non recoverable removal of downloaded data and security report on how you were hacked to fix your vulnerabilities. We hope that you can correctly assess the risks for your company. You can find more information about REvil group in Google. Posting on our blog and further publications in the media will lead to significant losses for your company: court and government fines, data recovery, loss of reputation, abandonment of clients, drop in limits. But don't panic! We are in business, not in war. We can unblock your data and keep everything secret. All we need is a ransom. In this case, you also get: a security report, a complete tree of compromised data files, permanently deleting downloaded data, support with tips on unlocking and protecting.
9 days ago
Gang Avatar
Victim Avatar
Hi, Our business has been seriously affected by the current Covid Pandemic since early last year. Our country (Singapore) is in lock down mode currently. Everybody is suffering and life is very tough here. Our company is no exception. Our company is small local family company and not a Listed Company. Our Company finance has become very tight right now. We really cannot afford your asking price. We could only fork up to US$20,000. We have already finalised our recovery plan and with the offline back up data, we are in the process of rebuilding some data and files now. We do not have P&C data with Government, Customers or Vendors. However, we wish to save our business recovery time and cost. Hence, we sincerely come to you and hope to reach a mutual agreement and settle this amicably. Hope to hear from you soon.
6 days ago
Hello! We took note of your communication and concluded: 1) If you could cope without our help, you would not contact us. 2) And yet, we are ready to make concessions to you, and throw the price down to $75,000. We await your decision.
6 days ago
Gang Avatar
Victim Avatar
Hi Appreciate your reply. We wish to pay $75,000 and settle amicably. However, it is still very tough for us. We are willing to double our initial offer to $40,000. We have only one condition (just to safeguard our side here), that is we pay 50% first and in return, you give us the decryption tool for our files in two (2) hosts : 1) Host name 'SAP-VEEAM' (file extension .[redacted]), and 2) Host name 'apps-fs' (file extension .[redacted], .[redacted], [redacted]) Once we successfully decrypt the above-mentioned files, we shall immediately settle the balance 50% without delay in return for all the balance decryption. (Please be reassured that once we achieve agreement to pay, we shall honor our word) For payment to you in XMR (currently trading around US$ 287 now), our local Crypto platform do not support this transfer network. Can we pay you in Bitcoin/Ethereum instead? Hope to see your favorable reply soon.
6 days ago
Let my boss think, next couple of hours. In any case, we are not ready for a down payment of 50%. So we don't work. You can send us some not very important files so that we can confirm the functionality of our build. To do this, skip the file and note this extension. I'll tell you in advance if the boss does not agree to 40.000, try to offer a little more.
6 days ago
Gang Avatar
i talked with my boss so the last price is 50.000$ It is the minimal price we can offer to you.
6 days ago
Gang Avatar
you can pay in btc
6 days ago
Gang Avatar
Victim Avatar
Hi, Ultimately, how do we be sure that after we pay 100% in advance you would give us 100% decryption? we may not get anything at all after we make payment. Therefore, please reconsider our suggestion that we pay you 50% and you decrypt our files as mentioned earlier on. We assured you that once we reach an agreement with you, we will definitely honor our payment.
6 days ago
We have a long reputation, you can read reviews about us. In addition, you ask to decrypt the server with backups. We have already done everything possible for our cooperation in the form of a proposed discount. You will receive a utility that will run on all extensions at once on your network.
6 days ago
Gang Avatar
Victim Avatar
Hi, Can you provide the links for the review about you? How many Bitcoin do we have to pay? Bitcoin price now is $38,650. Can you provide Bitcoin Transfer address/details?
6 days ago
1.36 btc
6 days ago
Gang Avatar
Victim Avatar
Can you provide the links for the review about you?
6 days ago
Use google "REvil"
6 days ago
Gang Avatar
Victim Avatar
Hi, Can you decrypt below 3 files to show you have the tools/keys? Thanks.
6 days ago
wait
6 days ago
Gang Avatar
file
6 days ago
Gang Avatar
APPS-SAP Backup.vbm.[redacted] Choose another file for test decryption
6 days ago
Gang Avatar
Regional - Employee Master Data (Latest).xls
6 days ago
Gang Avatar
Do you really take us for fools?
6 days ago
Gang Avatar
send another test file
6 days ago
Gang Avatar
Victim Avatar
The Employee file is critical actually. Pls decrypt for us.
6 days ago
no
6 days ago
Gang Avatar
Victim Avatar
The Employee file is NOT critical actually.
6 days ago
send another file
6 days ago
Gang Avatar
Victim Avatar
try this please
6 days ago
file
6 days ago
Gang Avatar
Victim Avatar
this is the 3rd file please
6 days ago
file
6 days ago
Gang Avatar
Victim Avatar
Can I have last 2 more files to show my boss? Please.
6 days ago
Only 3 file test
6 days ago
Gang Avatar
If you need more , pay
6 days ago
Gang Avatar
Victim Avatar
Now the BTC is $38,820 x 1.287 = $50,000, Can we agree with 1.287 BTC coins?
6 days ago
1.295
6 days ago
Gang Avatar
Victim Avatar
we pay you 1.295 BTC coins, you send us the decryption tools/keys for all files. Do we have a deal?
6 days ago
yes
6 days ago
Gang Avatar
Victim Avatar
We need to remit money to our Crypto Platform to buy BTC, it may be late tomorrow to transfer the coins to you. Please bear with us. Can you also send me the BTC transfer details?
6 days ago
You can find btc ID on main page
6 days ago
Gang Avatar
Victim Avatar
I only saw XMR address?
6 days ago
click "Bitcoin + 10%"
6 days ago
Gang Avatar
Victim Avatar
in the Recipient Address, I put this correct? [redacted]
6 days ago
Victim Avatar
What should I put in Recipient Full Name?
6 days ago
Victim Avatar
Please confirm
6 days ago
[redacted]
6 days ago
Gang Avatar
Yes, this wallet.
6 days ago
Gang Avatar
Victim Avatar
3. Wait for 3 confirmations by blockchain What does the above means?
6 days ago
This is a confirmation of the transaction in the blockchain network. The usual procedure for transferring cryptocurrencies.
6 days ago
Gang Avatar
Victim Avatar
Ok what should I put the full name for the recipient?
5 days ago
nothing. Wallet Only
5 days ago
Gang Avatar
Victim Avatar
Ok
5 days ago
Victim Avatar
Hi, we finally gathered enough BTC 1.295. But it is coming from 2 sources due to time constraint. We shall transfer BTC 0.42546345 from our local Crypto Platform first. Once you receive it, please let us know before we transfer the balance BTC to you from another Crypto Platform Is that okay with you?
5 days ago
Victim Avatar
Please let us know quickly We want to transfer now but need you to confirm okay first.
5 days ago
Victim Avatar
Hi, We managed to transfer BTC 1.295 to your below address. Pls check and confirm. [redacted]
5 days ago
Victim Avatar
Please see attached jpg image for the successful transfer of BTC 1.295.
5 days ago
waiting till 3 confirmations, after that you can download decryption program
5 days ago
Gang Avatar
Victim Avatar
Where do we find these 3 confirmations?
5 days ago
Victim Avatar
We have done email confirmation and phone confirm for our BTC transfer just now. is it related to the above 3 confirmations?
5 days ago
wait please
5 days ago
Gang Avatar
To use a decryptor run it as administrator and turn off antivirus before. You can use a decryptor as gui application or through cmd. CMD commands:
UniversalDecryptor.exe -full
UniversalDecryptor.exe -path "C:\folder"
UniversalDecryptor.exe -file "C:\folder\file.txt.random_ext"
* decryptor with -full option will decrypt all with default params. If you use it as gui application, I recommend you choose "create backups" option. If you use decryptor without this option, you should not interrupt decryption process, otherwise some files will be irreversibly damaged.
5 days ago
Gang Avatar