forked from Casualtek/Ransomchats
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path20210430.json
520 lines (520 loc) · 18.6 KB
/
20210430.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
{
"chat_id": "",
"messages": [
{
"party": "Avaddon",
"content": "Hello from Avaddon Team .Price for you is \n$300,000. We have downloaded a lot of critical data, which will be \npublished on our news website (http://avaddongun7rngel.onion) if you do \nnot make a payment. After the payment we will decrypt all your systems, \ngive you listing of files that we have taken, remove data from our \nservers and give you proofs of deletion. Also we will provide you with \nsecurity report, so you can fix all your vulnerabilities and be safe \nagain.",
"timestamp": "11:55 30.04.2021"
},
{
"party": "Avaddon",
"content": "We are ready to talk to you and discuss on this matter ....",
"timestamp": "11:56 30.04.2021"
},
{
"party": "Victim",
"content": "hi",
"timestamp": "14:58 30.04.2021"
},
{
"party": "Victim",
"content": "is anyone here?",
"timestamp": "14:58 30.04.2021"
},
{
"party": "Avaddon",
"content": "Hello!",
"timestamp": "15:05 30.04.2021"
},
{
"party": "Victim",
"content": "wnat to talk to you about this situation",
"timestamp": "15:06 30.04.2021"
},
{
"party": "Victim",
"content": "your price is very expensive for us",
"timestamp": "15:07 30.04.2021"
},
{
"party": "Victim",
"content": "300.000$ is our 3 year budget",
"timestamp": "15:07 30.04.2021"
},
{
"party": "Victim",
"content": "tell us the real possible price and we ready to pay",
"timestamp": "15:08 30.04.2021"
},
{
"party": "Avaddon",
"content": "How much can you pay at most?",
"timestamp": "15:09 30.04.2021"
},
{
"party": "Victim",
"content": "give me 5 minute",
"timestamp": "15:13 30.04.2021"
},
{
"party": "Victim",
"content": "i will talk with my chief",
"timestamp": "15:13 30.04.2021"
},
{
"party": "Avaddon",
"content": "ok",
"timestamp": "15:14 30.04.2021"
},
{
"party": "Victim",
"content": "redy to pay 3000$",
"timestamp": "15:19 30.04.2021"
},
{
"party": "Avaddon",
"content": "This is a joke?",
"timestamp": "15:30 30.04.2021"
},
{
"party": "Avaddon",
"content": "Your price is $ 300,000.",
"timestamp": "15:30 30.04.2021"
},
{
"party": "Victim",
"content": "300.000$ is a joke",
"timestamp": "15:32 30.04.2021"
},
{
"party": "Victim",
"content": "becauuse we havn't this amount of money",
"timestamp": "15:32 30.04.2021"
},
{
"party": "Victim",
"content": "3000$ we can pay or go ahead to reainstall all our systems",
"timestamp": "15:33 30.04.2021"
},
{
"party": "Victim",
"content": "search on map our country Armenia",
"timestamp": "15:35 30.04.2021"
},
{
"party": "Victim",
"content": "300.000 is out country budget how we can pay this kind of money?",
"timestamp": "15:35 30.04.2021"
},
{
"party": "Avaddon",
"content": "Perhaps the price is too high for you and we are ready to make a small discount.",
"timestamp": "15:38 30.04.2021"
},
{
"party": "Avaddon",
"content": "But on $ 3,000 we will never agree.",
"timestamp": "15:40 30.04.2021"
},
{
"party": "Avaddon",
"content": "Reinstalling all systems and restoring the \nworkflow will take a very long time and you will incur heavy losses. The\n best option would be to pay and get back to normal quickly.",
"timestamp": "15:43 30.04.2021"
},
{
"party": "Victim",
"content": "yes you are right",
"timestamp": "15:44 30.04.2021"
},
{
"party": "Victim",
"content": "we will lose money while trying to \nreainstall all systems and getting back informtion from external backups",
"timestamp": "15:44 30.04.2021"
},
{
"party": "Victim",
"content": "but don't lose so much as you want",
"timestamp": "15:45 30.04.2021"
},
{
"party": "Victim",
"content": "3000$ ready to pay, agree or not?",
"timestamp": "15:45 30.04.2021"
},
{
"party": "Avaddon",
"content": "We have a lot of your important files that \nwe will publish on our blog if you do not cooperate with us.",
"timestamp": "15:51 30.04.2021"
},
{
"party": "Victim",
"content": "I know all this",
"timestamp": "15:52 30.04.2021"
},
{
"party": "Victim",
"content": "but we havn't money!",
"timestamp": "15:52 30.04.2021"
},
{
"party": "Victim",
"content": "what can we do?!",
"timestamp": "15:52 30.04.2021"
},
{
"party": "Avaddon",
"content": "You will never be able to get your files \nback without our decryptor! Only we have a unique key to decrypt your \nfiles. Don't waste time and money trying to decrypt files yourself.",
"timestamp": "15:52 30.04.2021"
},
{
"party": "Victim",
"content": "I know that very well",
"timestamp": "15:53 30.04.2021"
},
{
"party": "Victim",
"content": "I comunicate with you before",
"timestamp": "15:54 30.04.2021"
},
{
"party": "Victim",
"content": "I know all this processes",
"timestamp": "15:54 30.04.2021"
},
{
"party": "Victim",
"content": "and now that we cant decrypt our files",
"timestamp": "15:54 30.04.2021"
},
{
"party": "Victim",
"content": "we just can reinstall all systemss and restore backups but it will take too long for us",
"timestamp": "15:54 30.04.2021"
},
{
"party": "Avaddon",
"content": "We are ready to make a very big discount for\n you. If you pay within 67 hours, we will offer you a 50% discount. Then\n the price will again be $ 300,000.",
"timestamp": "15:54 30.04.2021"
},
{
"party": "Victim",
"content": "so we ready to pay as much as we can",
"timestamp": "15:55 30.04.2021"
},
{
"party": "Avaddon",
"content": "Now you need to pay $ 150,000.",
"timestamp": "15:56 30.04.2021"
},
{
"party": "Victim",
"content": "what's your name?",
"timestamp": "15:56 30.04.2021"
},
{
"party": "Avaddon",
"content": "It does not matter.",
"timestamp": "15:57 30.04.2021"
},
{
"party": "Victim",
"content": "you know our country?",
"timestamp": "15:58 30.04.2021"
},
{
"party": "Victim",
"content": "how the small firm in Armenia can pay you 150.000?",
"timestamp": "15:58 30.04.2021"
},
{
"party": "Victim",
"content": "my house cost 15.000$ in all",
"timestamp": "15:59 30.04.2021"
},
{
"party": "Avaddon",
"content": "Sir, you are offering us a ridiculous price,\n it does not suit us at all. Before we set you a price of $150,000, we \nanalyzed your profitability and your capabilities in general, this price\n was taken not from the sky, but according to specific criteria, and by \nanalysis.",
"timestamp": "15:59 30.04.2021"
},
{
"party": "Victim",
"content": "what can I say, your analysis is wrong...",
"timestamp": "16:00 30.04.2021"
},
{
"party": "Victim",
"content": "last time a year ago I paid 1700$ for your decrypting key",
"timestamp": "16:01 30.04.2021"
},
{
"party": "Avaddon",
"content": "And we will tell you that $ 15,000 is still \nnot enough, and we do not agree to such a small amount. Suggest more or \nwe will use other methods. We can share your financial statements, your \nemployee and customer data, and more in the public domain. Use DDOS. We \ncan completely ruin the reputation of your business. Then you will have a\n lot of problems and you will suffer a lot of damage. You choose ...",
"timestamp": "16:06 30.04.2021"
},
{
"party": "Victim",
"content": "I don't event suggest 15.000$, because I havn't",
"timestamp": "16:07 30.04.2021"
},
{
"party": "Avaddon",
"content": "We want to talk to your boss.",
"timestamp": "16:10 30.04.2021"
},
{
"party": "Victim",
"content": "I called him, will be here in 15 minutes",
"timestamp": "16:11 30.04.2021"
},
{
"party": "Victim",
"content": "Hi, I'm CEO",
"timestamp": "16:22 30.04.2021"
},
{
"party": "Victim",
"content": "my name is [redacted]",
"timestamp": "16:23 30.04.2021"
},
{
"party": "Victim",
"content": "ready to cooperate with you ...",
"timestamp": "16:25 30.04.2021"
},
{
"party": "Avaddon",
"content": "Hello, [redacted]!",
"timestamp": "16:25 30.04.2021"
},
{
"party": "Avaddon",
"content": "Are you already aware of the situation?",
"timestamp": "16:26 30.04.2021"
},
{
"party": "Victim",
"content": "yes, of course",
"timestamp": "16:26 30.04.2021"
},
{
"party": "Victim",
"content": "but unfortunately your requirements are in not compatible with the budget of our company ...",
"timestamp": "16:29 30.04.2021"
},
{
"party": "Avaddon",
"content": "How much can you offer? As we already wrote,\n the amount of $ 15,000 or $ 20,000 does not interest us.",
"timestamp": "16:31 30.04.2021"
},
{
"party": "Victim",
"content": ":)",
"timestamp": "16:33 30.04.2021"
},
{
"party": "Victim",
"content": "and how much you want if you don't agree with 15.000 or 20.000?",
"timestamp": "16:34 30.04.2021"
},
{
"party": "Avaddon",
"content": "You're not serious! You do not understand \nthe magnitude of the problems for your company. Are you ready to incur \nlosses and ruin your reputation or will you cooperate and offer a higher\n amount?",
"timestamp": "16:37 30.04.2021"
},
{
"party": "Avaddon",
"content": "We have already offered you a very large \ndiscount, which we do not do for other clients. We have made a 50% \ndiscount for you.",
"timestamp": "16:37 30.04.2021"
},
{
"party": "Victim",
"content": "I asked how much you want?",
"timestamp": "16:38 30.04.2021"
},
{
"party": "Victim",
"content": "I perfectly understand all the risks",
"timestamp": "16:39 30.04.2021"
},
{
"party": "Avaddon",
"content": "The price for you is $ 150,000.",
"timestamp": "16:44 30.04.2021"
},
{
"party": "Avaddon",
"content": "After the expiration of the time, the price will double and then it will be $ 300,000.",
"timestamp": "16:44 30.04.2021"
},
{
"party": "Victim",
"content": "it's not serious my company is not able to \npay you that kind of money let my IT specialists stay awake for several \ndays and restore archives or pay you this money as they want",
"timestamp": "16:49 30.04.2021"
},
{
"party": "Victim",
"content": "by",
"timestamp": "16:49 30.04.2021"
},
{
"party": "Avaddon",
"content": "You cannot recover files without our unique key.",
"timestamp": "16:52 30.04.2021"
},
{
"party": "Avaddon",
"content": "You have 66 hours to start working with us or you will have a lot of problems.",
"timestamp": "16:53 30.04.2021"
},
{
"party": "Avaddon",
"content": "After 7 o'clock your amount to double. This is the last chance to pay at such a low price.",
"timestamp": "04:02 03.05.2021"
},
{
"party": "Avaddon",
"content": "Hi guys are you there ?",
"timestamp": "11:39 03.05.2021"
},
{
"party": "Avaddon",
"content": "Contact us if you see this, it looks like we have a misunderstanding.",
"timestamp": "11:40 03.05.2021"
},
{
"party": "Victim",
"content": "hi",
"timestamp": "16:04 03.05.2021"
},
{
"party": "Victim",
"content": "what you mean?",
"timestamp": "16:04 03.05.2021"
},
{
"party": "Avaddon",
"content": "Sir, we found out that one of the branches \nof your network is located in Armenia, our policy of work does not allow\n working in the CIS countries, so we will give you a decryptor general \nwith which you can decrypt your entire network. We strongly apologize \nfor this unpleasant incident and would like to say that we will help you\n restore your systems even if you have any problems.",
"timestamp": "16:20 03.05.2021"
},
{
"party": "Victim",
"content": "really? this is a great news",
"timestamp": "05:32 04.05.2021"
},
{
"party": "Victim",
"content": "despite the fact that we already recover \nmost of our information, we will be thankful if you give us the key",
"timestamp": "05:35 04.05.2021"
},
{
"party": "Avaddon",
"content": "You can download the decryptor.",
"timestamp": "05:40 04.05.2021"
},
{
"party": "Victim",
"content": "from where? give link please",
"timestamp": "05:43 04.05.2021"
},
{
"party": "Victim",
"content": "is it free software?",
"timestamp": "05:43 04.05.2021"
},
{
"party": "Avaddon",
"content": "http://avaddonbotrxmuyl.onion/[redacted]/buy",
"timestamp": "05:46 04.05.2021"
},
{
"party": "Victim",
"content": "look like it's work...",
"timestamp": "07:00 04.05.2021"
},
{
"party": "Victim",
"content": "can you also help us to understand how you did that?",
"timestamp": "07:03 04.05.2021"
},
{
"party": "Victim",
"content": "we want to found out loophole in our network",
"timestamp": "07:04 04.05.2021"
},
{
"party": "Avaddon",
"content": "Weak passwords.",
"timestamp": "07:33 04.05.2021"
},
{
"party": "Victim",
"content": "but how you could come in to our network?",
"timestamp": "07:41 04.05.2021"
},
{
"party": "Avaddon",
"content": "I will clarify this point.",
"timestamp": "07:42 04.05.2021"
},
{
"party": "Victim",
"content": "we will wait for your clarifying ant will be very thankful for your support",
"timestamp": "07:47 04.05.2021"
},
{
"party": "Avaddon",
"content": "Ok",
"timestamp": "07:48 04.05.2021"
},
{
"party": "Avaddon",
"content": "You guys should do penetration tests more \noften. Hire a professional company and they will find all loopholes in \nyour network. It will cost you few ten thousends but you will be safe.",
"timestamp": "08:16 04.05.2021"
},
{
"party": "Avaddon",
"content": "Update all services with outside internet, especially Ms Exchange server.",
"timestamp": "08:18 04.05.2021"
},
{
"party": "Victim",
"content": "you used zerologon exploit ?",
"timestamp": "08:21 04.05.2021"
},
{
"party": "Avaddon",
"content": "We cannot say anything more for security reasons for personal purposes.",
"timestamp": "08:26 04.05.2021"
},
{
"party": "Victim",
"content": "ok , we understood , thanks for information ,\n we will upgrade our exchange server and do several things for security",
"timestamp": "08:30 04.05.2021"
},
{
"party": "Avaddon",
"content": "Ok guys, excuse us again, I hope you didn't report this to the police? :)",
"timestamp": "08:58 04.05.2021"
},
{
"party": "Victim",
"content": "))",
"timestamp": "09:21 04.05.2021"
},
{
"party": "Avaddon",
"content": "What does it mean ?:)",
"timestamp": "09:23 04.05.2021"
},
{
"party": "Victim",
"content": "don't worry about that",
"timestamp": "09:27 04.05.2021"
},
{
"party": "Avaddon",
"content": "Ok sir , good luck",
"timestamp": "09:28 04.05.2021"
}
]
}