Ransomware negotiation(s) with
hive
Hello and welcome to Hive.
How may I help you?
2 November 2021 17:52
Hello! Waiting for your decision, otherwise I will be forced to raise the price if ignored and put your information on my information auction.
3 November 2021 13:40
Anyone still here?
5 November 2021 16:30
How may I help you?
5 November 2021 16:51
What's your intention here?
5 November 2021 17:57
We don't care about your company files, we don't care about that, we're only interested in profit. This is business. Are you ready to make a deal?
5 November 2021 18:20
Decrypting your server and removing stolen confidential files from your servers costs you $200,000 in bitcoins.
5 November 2021 18:23
Wow...$200,000 in bitcoins is serious money. No idea who you are or what data you're talking about.
5 November 2021 18:25
After payment, you will receive:
1) Transcription software
2) Promise of non-disclosure
3) Access to storage of decrypted files
4) Security report
To convince you to pay, we can make calls to your customers to notify them of the incident.
5 November 2021 18:29
Trust me, that's the last thing I need. Just trying to get details from you. Just feeling very targeted right now.
5 November 2021 18:37
How do I know you have files?
5 November 2021 18:37
If you are willing to cooperate, I will give you some files to confirm, but it does not matter, as it is silly to think that we have not downloaded anything when big money is being decided. You can read public news and our publications to be sure of our words http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
5 November 2021 19:06
lacveeam1.lac.[redacted].com
MDVTSQL1
lacsql2012.lac.[redacted].com
SQLCLUSTER02
lacwsus.lac.[redacted].com
CIFSFTPDATA What files from these hosts are you interested in? Maybe you are interested in other hosts, tell me the name of the host
5 November 2021 19:11
Which hosts did you take files from?
5 November 2021 19:55
I don't know which hosts your data was downloaded from. We took only those files that were of interest and could be sold to third parties. Typically, customer data, databases, financial reports, corporate email archives and other classified and confidential data related to the company's activities (technological developments, blueprints, drug clinical trials, software codes, etc.) are downloaded.
6 November 2021 02:35
Can you show us what the files of interest were?
6 November 2021 03:13
We selected several random files from the downloaded repository and attached to the panel. You can watch it.
6 November 2021 11:02
Can you decrypt these 2 files?
6 November 2021 19:22
I have decrypted both files
6 November 2021 19:36
Are these all the files you took from me?
7 November 2021 00:13
Can you give me a list of all the files you have?
7 November 2021 01:31
Are you here?
7 November 2021 14:28
We have uploaded a list of all your files that we have. You can see them in the panel.
7 November 2021 14:59
Thanks, we'll take a look today. So basically if we don't pay, everything in this list gets onto your site?
7 November 2021 15:55
Yes, the files will be revealed here on the site. We will also study them in more detail and post them on other forums. You should understand that this information can get to intruders.
7 November 2021 16:06
Understood. We are uploading the files with the key file now.
7 November 2021 20:56
These both files contain sensitive info. I will not disclose them to you before payment. Choose another files or I can upload them to you truncated
7 November 2021 21:04
We have hundreds of files like this that need to be unlocked. These two alone won't make a difference. We just want to make sure your tool works since there's little value in paying if we can't get these files fixed.
8 November 2021 14:23
We are well-known organization and our decryptor works. Otherwise you would able to read about any issues with other companies which are hundreds.
8 November 2021 14:28
We've seen it work on the first 2 files you fixed but we've heard that encryption can sometimes corrupt files too. The last thing we want to do is pay and not get our files back. We can't afford to pay a dime without knowing that your tool will get us back up and running. Sorry if this isn't a normal ask. We're just against a wall right now and this would really help.
8 November 2021 15:22
Upload any other files and a corresponding key(s) without any important info in them.
8 November 2021 16:08
We're just worried about this particular file type. That's the main issue.
8 November 2021 16:44
I already decrypt these two last files you uploaded, but I can't send you them to you due to sensitive info inside
8 November 2021 18:00
So you will be able to do the same right after you'll purchase the decryption software
8 November 2021 18:01
Not sure how we'll be able to pay without seeing it. I've read a lot online and people are always running into issues with decryption. This is going to be a risk no matter what, but we need certain assurances
8 November 2021 18:37
If you can't send the files, can you send a screenshot?
8 November 2021 19:51
We will answer you a little bit later.
8 November 2021 21:00
I have uploaded shorten files
8 November 2021 21:09
We'll review them. If they look good, then we can pay $100,000. That's a little more cash than what we actually have, but we'll take a step towards you to make this happen. Do we have an agreement?
8 November 2021 21:18
The price is not a subject to discuss.
8 November 2021 21:47
This isn't about a low ball. No idea how to get our hands on $200,000. What's something reasonable you'd consider?
8 November 2021 21:51
The price of $ 200,000 was announced at the very beginning of the negotiations. After that, you continued negotiations, specifying all the necessary information for you. thereby you agreed to the announced amount. You didn't just waste your time on this, did you? Your company look can afford this amount and you know it. We did not overstate the cost, the price is optimal for you. I ask you to make a decision and make a payment as soon as possible. Then we will fulfill all the stated conditions immediately.
8 November 2021 22:40
We were trying to see if this was a viable solution before discussing the financial side. It wouldn't make sense for us to go through with this if we weren't sure on what we were getting from you. We're a small business and we figured you wouldn't accept a small price. $100,000 is not a small price.
9 November 2021 00:23
If we can move some money around and increase what we can send you to $150,000 will you accept? This is a lot of money for us, we're just a small business and we're trying to take a step in reaching a quick agreement with you.
9 November 2021 05:26
I fully understand you. I understand what a difficult situation you are in. And for this reason, I will help you, I agree to $ 170,000. I will ask you to also help me and make the payment quickly.
9 November 2021 07:20
Ok, it's late right now but I will bring this to my team first thing in the morning. Thank you
9 November 2021 08:18
Is the wallet [redacted]? Also, what will we get from you if we pay $170,000?
9 November 2021 15:23
After payment you will get:
1) The decryption software
2) Promise of non-disclosure
3) Access to exfiltrated files storage
4) Security report
9 November 2021 15:33
Yes, our wallet [redacted]
9 November 2021 15:37
Paid. Can we get the tool now?
9 November 2021 20:02
Wait a little bit. We'll get to step 1 soon.
9 November 2021 20:19
and steps 2-4?
9 November 2021 21:24
3) Access to exfiltrated files storage
mega.nz login megashara@onionmail.org
Password [redacted]
9 November 2021 21:58
4) Security report
https://dropmefiles.net/en/[redacted]
9 November 2021 22:20
checking this out
10 November 2021 00:32
This information is provided by Valéry Marchive & Julien Mousqueton