Ransomware negotiation(s) with  hive



Hello and welcome to Hive. How may I help you?

2 November 2021 17:52
Avatar

Hello! Waiting for your decision, otherwise I will be forced to raise the price if ignored and put your information on my information auction.

3 November 2021 13:40
Avatar
Avatar

Anyone still here?

5 November 2021 16:30

hi

5 November 2021 16:50
Avatar

How may I help you?

5 November 2021 16:51
Avatar
Avatar

What's your intention here?

5 November 2021 17:57

We don't care about your company files, we don't care about that, we're only interested in profit. This is business. Are you ready to make a deal?

5 November 2021 18:20
Avatar

Decrypting your server and removing stolen confidential files from your servers costs you $200,000 in bitcoins.

5 November 2021 18:23
Avatar
Avatar

Wow...$200,000 in bitcoins is serious money. No idea who you are or what data you're talking about.

5 November 2021 18:25

After payment, you will receive: 1) Transcription software 2) Promise of non-disclosure 3) Access to storage of decrypted files 4) Security report To convince you to pay, we can make calls to your customers to notify them of the incident.

5 November 2021 18:29
Avatar
Avatar

Trust me, that's the last thing I need. Just trying to get details from you. Just feeling very targeted right now.

5 November 2021 18:37
Avatar

How do I know you have files?

5 November 2021 18:37

If you are willing to cooperate, I will give you some files to confirm, but it does not matter, as it is silly to think that we have not downloaded anything when big money is being decided. You can read public news and our publications to be sure of our words http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/

5 November 2021 19:06
Avatar

lacveeam1.lac.[redacted].com MDVTSQL1 lacsql2012.lac.[redacted].com SQLCLUSTER02 lacwsus.lac.[redacted].com CIFSFTPDATA What files from these hosts are you interested in? Maybe you are interested in other hosts, tell me the name of the host

5 November 2021 19:11
Avatar
Avatar

Which hosts did you take files from?

5 November 2021 19:55

I don't know which hosts your data was downloaded from. We took only those files that were of interest and could be sold to third parties. Typically, customer data, databases, financial reports, corporate email archives and other classified and confidential data related to the company's activities (technological developments, blueprints, drug clinical trials, software codes, etc.) are downloaded.

6 November 2021 02:35
Avatar
Avatar

Can you show us what the files of interest were?

6 November 2021 03:13

We selected several random files from the downloaded repository and attached to the panel. You can watch it.

6 November 2021 11:02
Avatar
Avatar

Can you decrypt these 2 files?

6 November 2021 19:22

I have decrypted both files

6 November 2021 19:36
Avatar
Avatar

Are these all the files you took from me?

7 November 2021 00:13
Avatar

Can you give me a list of all the files you have?

7 November 2021 01:31
Avatar

Are you here?

7 November 2021 14:28

hi

7 November 2021 14:33
Avatar

We have uploaded a list of all your files that we have. You can see them in the panel.

7 November 2021 14:59
Avatar
Avatar

Thanks, we'll take a look today. So basically if we don't pay, everything in this list gets onto your site?

7 November 2021 15:55

Yes, the files will be revealed here on the site. We will also study them in more detail and post them on other forums. You should understand that this information can get to intruders.

7 November 2021 16:06
Avatar
Avatar

Understood. We are uploading the files with the key file now.

7 November 2021 20:56

ok

7 November 2021 20:59
Avatar

These both files contain sensitive info. I will not disclose them to you before payment. Choose another files or I can upload them to you truncated

7 November 2021 21:04
Avatar
Avatar

We have hundreds of files like this that need to be unlocked. These two alone won't make a difference. We just want to make sure your tool works since there's little value in paying if we can't get these files fixed.

8 November 2021 14:23

We are well-known organization and our decryptor works. Otherwise you would able to read about any issues with other companies which are hundreds.

8 November 2021 14:28
Avatar
Avatar

We've seen it work on the first 2 files you fixed but we've heard that encryption can sometimes corrupt files too. The last thing we want to do is pay and not get our files back. We can't afford to pay a dime without knowing that your tool will get us back up and running. Sorry if this isn't a normal ask. We're just against a wall right now and this would really help.

8 November 2021 15:22

Upload any other files and a corresponding key(s) without any important info in them.

8 November 2021 16:08
Avatar
Avatar

We're just worried about this particular file type. That's the main issue.

8 November 2021 16:44

I already decrypt these two last files you uploaded, but I can't send you them to you due to sensitive info inside

8 November 2021 18:00
Avatar

So you will be able to do the same right after you'll purchase the decryption software

8 November 2021 18:01
Avatar
Avatar

Not sure how we'll be able to pay without seeing it. I've read a lot online and people are always running into issues with decryption. This is going to be a risk no matter what, but we need certain assurances

8 November 2021 18:37
Avatar

If you can't send the files, can you send a screenshot?

8 November 2021 19:51

We will answer you a little bit later.

8 November 2021 21:00
Avatar

I have uploaded shorten files

8 November 2021 21:09
Avatar
Avatar

We'll review them. If they look good, then we can pay $100,000. That's a little more cash than what we actually have, but we'll take a step towards you to make this happen. Do we have an agreement?

8 November 2021 21:18

The price is not a subject to discuss.

8 November 2021 21:47
Avatar
Avatar

This isn't about a low ball. No idea how to get our hands on $200,000. What's something reasonable you'd consider?

8 November 2021 21:51

The price of $ 200,000 was announced at the very beginning of the negotiations. After that, you continued negotiations, specifying all the necessary information for you. thereby you agreed to the announced amount. You didn't just waste your time on this, did you? Your company look can afford this amount and you know it. We did not overstate the cost, the price is optimal for you. I ask you to make a decision and make a payment as soon as possible. Then we will fulfill all the stated conditions immediately.

8 November 2021 22:40
Avatar
Avatar

We were trying to see if this was a viable solution before discussing the financial side. It wouldn't make sense for us to go through with this if we weren't sure on what we were getting from you. We're a small business and we figured you wouldn't accept a small price. $100,000 is not a small price.

9 November 2021 00:23
Avatar

If we can move some money around and increase what we can send you to $150,000 will you accept? This is a lot of money for us, we're just a small business and we're trying to take a step in reaching a quick agreement with you.

9 November 2021 05:26

I fully understand you. I understand what a difficult situation you are in. And for this reason, I will help you, I agree to $ 170,000. I will ask you to also help me and make the payment quickly.

9 November 2021 07:20
Avatar
Avatar

Ok, it's late right now but I will bring this to my team first thing in the morning. Thank you

9 November 2021 08:18
Avatar

Is the wallet [redacted]? Also, what will we get from you if we pay $170,000?

9 November 2021 15:23

After payment you will get: 1) The decryption software 2) Promise of non-disclosure 3) Access to exfiltrated files storage 4) Security report

9 November 2021 15:33
Avatar

Yes, our wallet [redacted]

9 November 2021 15:37
Avatar
Avatar

Paid. Can we get the tool now?

9 November 2021 20:02

Wait a little bit. We'll get to step 1 soon.

9 November 2021 20:19
Avatar
Avatar

and steps 2-4?

9 November 2021 21:24

3) Access to exfiltrated files storage mega.nz login megashara@onionmail.org Password [redacted]

9 November 2021 21:58
Avatar

4) Security report https://dropmefiles.net/en/[redacted]

9 November 2021 22:20
Avatar
Avatar

checking this out

10 November 2021 00:32

This information is provided by Valéry Marchive & Julien Mousqueton