Conti Log 19
5/26/2026, 9:36:02 AM
Conti11/6/2021, 8:51:20 PM
Hello, are you ready to negotiate?
VictimInvalid Date
Hello, did you take any data from us ?
VictimInvalid Date
what are the next steps to get our systems decrypted ?
ContiInvalid Date
30percentlisting.txt [ 4.1MB ]
ContiInvalid Date
datapack-example.zip [ 1.9MB ]
ContiInvalid Date
We have 450Gb of your data. You can choose any two files from this listing, we will upload them to you, this is proof that we have them. Wait, soon we will write you the terms of cooperation.
ContiInvalid Date
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website. The recovery price is $600000 (15 BTC). If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge. If we reach mutual agreement your will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches. We strongly recommend to review our offer in a timely manner to avoid additional expenses from your side on security software and on building the new network from scratch.
VictimInvalid Date
How do I know you can decrypt my data?
ContiInvalid Date
Send us your two encrypted files, and we'll decrypt them for you as proof.
VictimInvalid Date
nopdf.csv.[redacted] [ 76kB ]
VictimInvalid Date
esign_scripts-withTransID.sql.[redacted] [ 2kB ]
ContiInvalid Date
Will decrypt and upload asap.
ContiInvalid Date
esign_scripts-withTransID.sql [ 1kB ]
ContiInvalid Date
nopdf.csv [ 76kB ]
VictimInvalid Date
Powerpoint-france-[redacted]-destination.jpg.[redacted] [ 4.4MB ]
VictimInvalid Date
Thank you, can you decrypt this sample file as well please?
VictimInvalid Date
are you here ?
ContiInvalid Date
Powerpoint-france-[redacted]-destination.jpg [ 4.4MB ]
VictimInvalid Date
What will be the discount if we pay quickly to you today, we are working with banks and still struggling to get approvals as our financial records says we are already in loss because as you already know that we are an educational cultural exchange program that send student abroad to study, since start of covid till now we have not been able to sent applicants out of US in over a year which is same for other countries applicants
ContiInvalid Date
$500 000. If you pay today
VictimInvalid Date
We really can afford what you are asking
ContiInvalid Date
Soon we will give you the bitcoin wallet address where you will need to send the coins. Please wait
VictimInvalid Date
We have collected around 100k from our partners and emergency funds and if the bank approves our loan ( which we are in constantly followup ) we will get additional 100K, so we will at position to pay you around 200k$ if all went as planned, but above that we are having no options to collect more funds.
ContiInvalid Date
Is this a joke? Do you understand that your business is in our hands? Do you understand the consequences for you if you do not agree with us? We can't accept 200k.
VictimInvalid Date
We are not joking and know that you are a serious organization, as stated before the global pandemic effected our ability to operate for an entire year causing us to lose most of our business that keeps us floating. We are still working with the bank to try and convince them that their financial aid will not be wasted but they know about our current situation. We are pursuing additional means to finding more fundsand will update you on any progress we have made if any.
VictimInvalid Date
If you can give us another offer that might be more possible for us, it may help us convince the banks to approve a loan, we are still working on getting their assistance.
ContiInvalid Date
We are ready to go down to $480k from our side. That's a huge step forward keeping in mind that our initial claim was already pretty low comparing to our usual demands.
VictimInvalid Date
We should be able to secure the loan approval today which would give us the 200k once its put together, we are also currently working on an additional source that could potentially give us around $256,000 that we would then convert into BTC if the the process does not fall through. We know this is lower than what you are demanding but we just really do not have the type of financial ability to come up with that much.
ContiInvalid Date
We are ready to accept $256k. I will provide the wallet for the payment a bit later today.
VictimInvalid Date
Ok, we will continue to work on getting those funds in our possession and converted into BTC. We will send it once we have your BTC wallet.
ContiInvalid Date
The wallet for the payment is : [redacted] let me know once the transfer is made.
VictimInvalid Date
Thank you, we should have the funds soon hopefully. Once the payment is sent will you provide us with a list of the files that were taken, proof that they have been deleted as well as the decryption tool to restore all of our devices?
ContiInvalid Date
Yes, of course, you will be provide with all mentioned deliverables.
VictimInvalid Date
Thank you, could you also provide us with some details on how you got into our network after the payment is sent?
ContiInvalid Date
Yes, of course.
ContiInvalid Date
$256,000 amount is only valid if you pay today. You're running out of time
VictimInvalid Date
Did you received the payment ? we are still waiting for the keys
ContiInvalid Date
Yes. The payment is received. The decryption tool will be provided soon. Already processed the request to tech dept.
ContiInvalid Date
[redacted]_decryptor.exe [ 103kB ]
ContiInvalid Date
Decryptor: 1) Launch the decryptor under Administrative rights 2) Wait till the decryptor window is closed 3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
VictimInvalid Date
Hello can you please share with us the rest of deliverables 1) file tree of the data you took 2) proof that it has been deleted 3)Security report
ContiInvalid Date
You have been breached through the email phishing campaign. The overall security score is 2 out of 5. Our recommendations will be : 1. Implement better email filtering policies 2. Implement tape-based backup hardware 3. Audit account access policies network wide 4. Rebuild the network using segmentation procedures 5. Implement better password policies 6. Block pass-the-hash and kerberoast attacks 7. Notify all your employees and security policies inside the company (opening email attachments, changing passwords, etc) 8. Buying better AV/EDR software
ContiInvalid Date
The other deliverables will be provided soon.
ContiInvalid Date
[redacted]-full-listing.7z [ 695kB ]
VictimInvalid Date
Can you also send us the wipe proof ?
VictimInvalid Date
Also can you share which user was phished/compromised initially?
ContiInvalid Date
Will do, but I am not sure if I will be able to find the initial compromised user right now, it's been pretty long time ago.
ContiInvalid Date
log_remove.7z [ 1.1MB ]
Links
No links were attached to this log.