REvil Log 3
5/26/2026, 9:36:07 AM
Victim
In the ransom note, you stated that you took 500 GB of information, can you provide us examples of this information
REvil
Hello. If you are satisfied with the screenshots of the folders, we will provide them to you within a few minutes. Or we can provide you with a link to some of your data for review. But it will take about an hour.
Victim
we will take both
REvil
Good. 10 minutes and we will provide you with screenshots.
Victim
Thank you. we will wait for file samples as well
REvil
ok
REvil
We would like to draw your attention to the fact that we did not delete data from your ESXI servers. The information is also encrypted there. If we make a deal, we will give you a decryptor so that you can restore the servers.
REvil
But we do not guarantee recovery if you carry out any manipulations with these servers.
Victim
Understood
REvil
Good. This also applies to other files outside of ESXI.
Victim
please send the sample files when ready
REvil
We have started transferring some of the data to the new server so that you can familiarize yourself with the data. It will take some time. In 5 minutes you will be able to get acquainted with what we have already transferred for you.
REvil
We will upload files here for review. The link is available through the TOR browser. Some of the data is still in the process of being copied.
Victim
Thank You
REvil
We've finished copying the sample data for you. Can you please tell me, are you only interested in data files or are you also interested in the decryptor? As we already wrote before, we strongly discourage using third-party solutions.
Victim
3rd party solutions? Is there different pricing for breaking it apart?
REvil
3rd party solutions - Various programs, the descriptions of which say that they can recover data, but this is not the case. Typically, the use of such third-party programs leads to the fact that our decryptor can no longer recover your data.
REvil
If you are ready to move on to the deal in the near future, then we can provide you with a discount. If you do not need a decryptor, then the discount will be slightly higher.
Victim
I understand now on the 3rd party solutions. thank you
Victim
Thank you for providing the details. I am discussing with the board
REvil
Good. We will be in touch.
Victim
Our board is having issues with quantifying the 500 GB that has been taken. To help them out, is there a certain IP or something I can hunt for to quantify this on the exfil side? Based on this, then the board should be in a position to discuss options.
REvil
Do I understand correctly that you do not need a decryptor?
Victim
That is incorrect. We are still understanding the damage caused to the organization.
REvil
This is just business, it makes no sense for us to lie or not fulfill obligations. If we do business this way, there will be no profit for us. In fact, your question is very strange - we think that the provided data is already enough to understand the seriousness of your problem. It's all about your reputation and possible damage to your customers. We have been in your network for more than 2 weeks and we think you understand that there was enough time to download even more information. You can also read about REvil on the Internet and find out that 500 gigabytes is a small leak, since sometimes several terabytes of data are downloaded. And also you will find out that if we can't reach the agreement, then we will have to publish some of the data in our blog. You should also know that in 5 days the amount will be doubled.
Victim
Thank you for this as providing this explanation
Victim
We have performed the research that you requested. In addition, we have studied ransom payments from various third party sources. The board is asking for you to consider $800K for the package to gain consensus. Can we agree to this amount?
REvil
Do you want us to give you a discount of more than 90%? Of course this is impossible. I will give you a small example. The company is close to your profile, the annual turnover was 2.5 times less, as well as we had 2 times less data and we have already published some of the data in the blog - as a result, this company paid 4 million. They also did not need a decryptor - they were able to recover from the backups that we missed. Next comes simple math. What you read is either small companies or information with understated amounts. Most companies do not advertise the fact of hacking and payment.
REvil
Apparently you do not realize the seriousness of the situation and the consequences. Loss of reputation. Loss of clients and possible litigation with them. Financial losses due to downtime that can take a very long time. Your data will also be seen by your competitors. The stocks in the market will begin to fall, and this is clearly not to your investors' liking. And much more. You are a big, serious company - be realistic.
REvil
If you are ready to seriously discuss the deal in the near future, then we will be ready to slightly reduce the amount. If your new proposal is again frivolous, we will have to prepare a blog post with the first part of the data.
Victim
We want to seriously discuss this and as you said, this is a business deal so please give me something to work with and I will discuss with the board and come back to you.
Victim
if we work together I am sure we can gain consensus
Victim
here is one article as part of our research https://www.tripwire.com/state-of-security/security-data-protection/increase-in-ransomware-demand-amounts-driven-by-ryuk-sodinokibi
Victim
again we want to gain consensus
REvil
I recommend that you do not trust such reports. We don't know what information the Coveware report was based on. How many companies are using Coveware? What is the size of the company and what is their revenue? Was there a data leak? Or was the company able to recover on its own and the company was interested only in non-disclosure? Company profiles? And much more. We also recommend that you be extremely careful when contacting a company like Coveware. As practice shows, the task of such companies is to make money on the client's problem. Most often they use payment per hour. Therefore, they usually start to play for time during negotiations and thereby pull money from the client. They won't care about your data. And if the deal does not take place, then the data is published and companies like Coveware will do it anyway for this fact - they will still make money. They are often too confident that we will agree to any amount and will not publish the data, but you can take a look at our blog and see how many companies they faked in this way. It is also a frequent case when we publish the first part of the data - companies immediately go to the deal, understanding how serious everything is. Returning to the topic of statistics of payments and amounts - as you understand, the companies that ignite do not want publicity, so you rarely see news that the company paid 5-10-15-20 million. But this happens. Here is a public example for you, to which we have nothing to do, but I think the meaning will be clear: https://www.wired.com/story/garmin-ransomware-hack-warning/ This is a public event. The company did not want to pay, after which part of its data was published and as far as I know - after that the company quickly agreed to the deal. I could provide private evidence of other multi-million dollar deals, but of course I won't. We do business with integrity. All the more would you like it if in the future we would tell other companies about your case? 
If we come to a deal, no one will know about it, otherwise you will be another example for our other companies. As for the amount. I think you perfectly understand that you will incur large financial losses. You are already losing money and I don’t think you want it to continue like this. And now we are only talking about easy to work with. But do you understand that there will be other losses? Clients will find out about what happened to you and find out that their data has been published, including confidential. Including problems with their projects. I think it is not easy for them not to want to continue working with you, and they will also sue you. And probably it will also go about millions of claims. So what happens if competitors take advantage of the data we can publish? How will investors react to this? Believe me, there is enough data for the company to incur more serious losses and they will exceed the amount requested from us. We are not the first day in this business and we can conditionally calculate how much the company can and will be willing to pay. As well as possible losses of the company. Therefore, we offer an adequate amount and it does not include the discount that we can offer if the company conducts a correct and serious conversation, and is also ready to conduct a deal up to double the amount and publish the first part of the data. We are still waiting for a serious offer from you. Keep in mind that tomorrow we will be preparing the first publication for our blog regarding your company - we are going to publish it on Friday if we do not come to an agreement. The blog is followed by many media and as soon as a new entry appears there, after a few hours it appears on many news portals.
REvil
A link to our blog where you can check out the leaks of other companies that didn’t make the deal: http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion I also recommend that you familiarize yourself with this material in order to avoid mistakes: http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/posts/[redacted]
Victim
Thank you for providing this and I will discuss with the board
Victim
As we are chatting in good faith, we would like to keep our conversations private. Can we setup a private chat as others might be viewing our conversation
Victim
The ransom note was uploaded to VT; therefore, I am concerned someone could download and monitor. I am authorized to negotiate for the company.
Victim
[redacted]@gmail.com
REvil
We will not be able to link the gmail account with your company. LinkedIn account or Facebook of an employee or company? Phone call? After you provide us with a contact for communication, we will remove it from our correspondence so that no one can see it.
REvil
We removed from the chat all the messages where the name of your company was mentioned, as well as screenshots of the data, by which it was possible to determine which company could be discussed. We are waiting for your contact information to switch to another chat.
Victim
I am stepping into a board meeting and will get the information you desire for verification.
Victim
the phone will not work as those are down due to your encryptor
REvil
Okay. Let us carry out verification via Facebook or LinkedIn.
REvil
We can provide you with a new private chat without verification, but if we are confused by the correspondence in it, we will return to the main chat, where we are currently communicating.
REvil
Let me know as soon as you are ready to receive a password and instructions. After that, write to us in a new chat and we will remove the password and instructions from the main chat.
Victim
Here is our proposal to link to the gmail account. we noticed that you used the [redacted] account to pivot in the network. Is this verification enough to send this to the gmail account
REvil
Yes, that will be enough.
REvil
did you receive instructions and password?
Victim
yes...
Victim
I entered in the password
Victim
Please destroy the other chat support
Victim
and we will do our conversation here
Victim
please confirm when complete
REvil
Why do we need this? We have removed all information that could help someone identify your company name.
Victim
the proofs are still in the chat window
Victim
apologies for the extra steps as we gain consensus
REvil
Write to me where the evidence is left and I will delete it.
REvil
I see screenshots. I removed them.
Victim
kill the onion link
Victim
to the directory
REvil
Ready
Victim
Thank you
REvil
I think we can start discussing the deal.
Victim
The board is still reviewing the information you provided and contemplating an offer back
REvil
Good. We are in touch.
REvil
How are things going into the negotiation of the deal? Your time is coming to an end. If by tomorrow we do not agree on a deal, we will publish the first post on our blog. And also discounts will cease to be relevant. And we will already be discussing the next discount from the doubled amount, and as you understand, the amount in the end will be more than 9 million.
Victim
You ask for a lot in a short period as many people are discussing options. Being your advocate and to gain consensus, you should realize that this takes time and to post early does not help this business deal. As the board is considering options, do you have a new number so I can take to the board.
REvil
We all perfectly understand, but there are certain algorithms and deadlines in our work, which have proven their effectiveness more than once.
REvil
"As the board is considering options, do you have a new number so I can take to the board." - what number are we talking about?
Victim
The amount for the package. You ask for $9M. I trust to gain consensus the discounts to which you speak of can be factored in
REvil
If in the near future we come to an agreement, then I think we will be able to provide a discount of 10-15%.
REvil
But we will discuss the discount specifically when we receive an offer from the company. We do not recommend offering understated amounts - you must be realistic. Otherwise, as practice shows, negotiations are delayed, which leads to publications and an increase in the amount.
Victim
As your advocate, I understand your position. A few questions from the board 1) the data you have taken - how do we receive it back 2) do you explain how you took the data and got into our company 3) what guarantees do you provide that you will not attack us again 4) what assurance do we receive that the data does not leak in 6 months from now (how do we know that you destroyed it)
Victim
5) what if the decryption key does not work - do you provide some type of support
REvil
1) You can recover this data using the decryptor anyway. But if required, we will provide you with a link to all your data. 2) Yes, we will provide you with information on how we got into the company's network and how we got access to all the data. 3) We don't do that kind of thing. This will ruin our reputation. We will give you recommendations on how to avoid repeated intrusion (from other teams). 4) Why will we not save them - why waste resources on this? As soon as we receive payment, we will delete the data from all backup servers and it will remain on only one server so that you can download it if you need it. Then we will remove them from there. This is a business. If we leak, we will ruin our reputation and other companies will not pay us. 5) Our software is time-tested. This will not happen if you have not tried to restore data using third-party software.
Victim
Thank you for this. I will provide to the board. I do not know what time zone you are in, but I suspect the board will provide me guidance in the AM. I do not know if you take a rest in your business
REvil
Good. We will be in touch.