REvil Log 10
5/26/2026, 9:36:08 AM
REvil
We are REvil Group. We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $2,500,000. Now we're keeping it a secret, but if you do not reply us within 7 days it will be posted on our news-site. Think about the financial damage to your stock price from this publication. In case of successful negotiations we guarantee that you will get decryptors for all your machines, non recoverable removal of downloaded data and security report on how you were hacked to fix your vulnerabilities. We hope that you can correctly assess the risks for your company.
Victim
Hello REvil Team - We are IT team helping client with the discussions with you and recovering. We would like to discuss how to proceed with this situation and reach a mutual agreement. For us the value of data is certainly very important. Can you provide us with some files your operative acquired from systems. I would suggest 5 files, from 5 different systems, you can choose. If you prefer to provide a file-tree of the files you have it would help us to work with the client to assess the appropriate value. We also have a few logistical issues we need your help with: 1. Payment will need to be in BTC, XMR is not possible on this situation 2. Please provide an extra 48 hours to the clock. This is a long weekend and time will run out on Monday, but all banks are closed on Monday and closed on weekend. So we would appreciate the extra time so we can reach an understanding. Thank you, looking forward to working with you again.
REvil
You can use Bitcoin instead of Monero, but it will be more expensive for you in case of our merchant additional fee, so if u want to pay in BTC u need to add +10%. Btc enabled
REvil
It will take us a little time to collect the necessary data. Timer updated
Victim
Thank you. Standing by.
REvil
https://privatlab.com/s/v/[redacted] password for download: [redacted] password for archive: [redacted]
REvil
So that you understand what data we have http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/posts/[redacted]?s=[redacted]
REvil
(Use TOR browser)
Victim
thank you. We are checking
Victim
Hello - Our client has reviewed the data you provided. Based on available funds our client is in a position to offer $192,580 to have the assurance that the data is deleted. The client is already in the process of notifying clients of the situation. I would like to recommend that the offer is accepted soonest. Much graciousness.
REvil
Hi, all my boss has to offer is a 10% discount. We know the scale of this company's problems. Such low amounts are not even considered
REvil
To solve your problem, you need to increase your offer by at least 10-fold.
Victim
Good morning - I understand you offer a 10% discount. Can you please discuss with your boss, the situation is not urgent, nor does the client require decryptors. We work with you in the past on many cases, this is not a matter where such high amount will work to benefit. $192,580 is a lot of money in this case but I spoke to the client and they were able after a lot of accounting investigation to increase the amount to $237,290. Since we are coming to weekend, in many places this is a long weekend and the response will be delayed. I recommend if you can speak to boss to try and close as soon as possible.
REvil
My boss is not interested in this amount. You have a few days before publishing in the blog and in the media
Victim
your boss is not interested in $237,290. We understand, it is your decision.
REvil
Friend, you shouldn't start this game, we know very well how much damage has been done to your client. If it was insignificant, you would not write here. If you have nothing more to offer, we have nothing to talk about
Victim
No games. Like I said, client is back to operations and no decryptors are needed. I am being upfront in terms of numbers. They cannot pay 10x of initial offer.
Victim
Not interested in wasting your time or mine.
REvil
As we said earlier. Your proposal is not interesting
Victim
It took me over 2 days to convince the client to come back to the discussion. What can you do to get to a more reasonable number? Decryptors are not needed.
REvil
It doesn't matter for us whether you need decoders or not, for us this is not an argument, one way or another you will get them
Victim
ok
REvil
We have voiced our proposal to you earlier if you cannot approach it then there is no point in continuing the dialogue
Victim
sounds like you do not really want to discuss, I will update the client. Client will not pay what you are asking. 10% is nothing.
REvil
We are ready to consider the issue of the discount again, but what you are offering sounds silly.
Victim
The client is an appliance retailer. they will use the money in a different way to protect employees so unless I get a more serious discount. otherwise you are right, this is not going anywhere.
REvil
I have nothing more to add data will be sold and you must understand this
Victim
here is what you need to understand. No one will buy this info. You publish anything and we are done with this dance. The number you provided is not happening go back and get a better number that the client will consider or we are going nowhere. I am trying to tell you that they are willing to pay something, but your demand of 2.7mil after btc conversion is not worth the data you have.
REvil
If this data is useless, what are you doing here? If you have nothing to pay so much for, then why are you discussing the price? Either make an offer that will interest my boss, or the publication will be in 19 hours and the "dancing" will end.
Victim
I gave you an offer on the table which you choose to ignore and state it's not interesting. Value is that you do not play silly games with your publishing, trying to protect employees. Anything else is meaningless. I can try to push to 350k.
REvil
Not interested
Victim
ok
Victim
if your boss or you change your mind my email is: [redacted]@mail.com
REvil
You shouldn't use the old tricks. Leave your email with you
Victim
Had a final discussion with management, final price is 400k. Your answer?
REvil
I must say right away that the amount is less than 1kk my boss is not interested
REvil
If you agree, we close the publication and continue cooperation if not. I think you yourself know
Victim
Like I said, 400k is last amount. Publication is now 0$. I tried to explain to you how things are, but you decide you know better. Too bad.
REvil
Okay my boss agree price update you can pay.
Victim
ok hold on I need to bring client back.
Victim
Ok we confirm the bitcoin amount to settle the situation. Thanks for updating price on site. We are working with a broker to get the bitcoins and do transfer within 24 hours.
REvil
ok
Victim
Please confirm you will provide after payment: 1. Universal decryptor, and technical support in case of problems, 2. Detailed proof of the downloaded data - complete file tree of all of compromised data files, 3. Confirmation of 100% proof of permanent deletion of all compromised data from all your data storage locations and a shred/wiping log, 4. Confirmation that you will delete and will never publish any of the data or this chat or release the company name anywhere, including on your publishing Happy Blog/leaks site, or on the dark web or the Internet, 5. A security report on how company was breached, so we can prevent future problems, and 6. Promise to never again breach or attack company’s networks or websites. Please confirm 1 to 6. Thank you
REvil
Um no. You said that your client does not need a universal decoder, so we will not provide one. We confirm everything else
REvil
The price is formed solely on the fact that you need to completely delete the data and everything from points 2-6. For a decryptor, the payment will be much higher.
Victim
OK, understood. Thanks for confirming 2-6.
Victim
OK, understood. Thanks for confirming 2-6.
REvil
Hello, are you ready to pay?
Victim
yes, standby
Victim
OK, the transfer is confirmed. What is your timing on delivering the items above?
REvil
wait for answer
Victim
Hello - what's your ETA? Thanks
Victim
Hi we are waiting for your reply?
REvil
Hello we deleted all information about company
Victim
Thanks for confirming. Please provide the agreed items: 2. Complete file tree of all of compromised data files, 3. Shred/wiping file data deletion log, 4. Security report. Thank you
Victim
??
Victim
Hi we are waiting for your reply?
REvil
1. Administrators must work in browsers in in-private mode
2. Administrators are prohibited from saving passwords in browsers
3. Administrators are prohibited from saving files with password lists on their computers or shared resources, as well as sending them by e-mail
4. All users are forbidden to open suspicious mail, punish with money. Allocate for this one computer without connection to the corporate network
5. Administrators work in virtual machines. Virtual machines must be in cryptocontainers
6. Configure firewalls so that administrator's computers do not have direct access to critical servers, but virtual machines have it (firewall rules and network ranges)
7. Limit the list of domain administrators. Split domain administrator password between security department and administration department (password is very long)
8. Delegate small roles to administrators for daily work (resetting passwords, creating users)
9. Use strong antivirus, Cylance or Carbon Black or Cortex (we do not advertise antivirus, think by yourself)
10. Limit access to the Internet on servers and admin's computers. Create a terminal server in the DMZ and use the terminal browser applications
11. All suspicious letters with links should be sent to the IT department for verification on a stand alone virtual machine.
12. Configure mail filters to work with white lists. Anything that is not included in the whitelist must be moderated.
13. Prevent users from launching scripting programming languages (vbs, js and others) and unknown file extensions. If you doubt about opening link, transfer it to the IT department for verification on a stand alone virtual machine.
14. Open documents with macros only from trusted users. If you doubt about opening document, transfer it to the IT department for verification on a stand alone virtual machine.
15. If the user has launched a suspicious file, he should immediately contact the IT department.
16. Disable remote launch for powershell
17. Set 2FA Authorisation for network infrastructure. (Backups)
REvil
The data was deleted automatically, we, for our part, did not have time to save the deletion log
Victim
That was not the deal. You confirmed you would provide the complete file trees and proof of deletion / shred logs. We are working on 3 other recovery cases with your group and now we have to tell all our clients and their legal, advisors that you are not following up on promises.
REvil
ok
REvil
Our team noticed that you have already started spreading dirty rumors to other companies. So, look, if this continues, we are starting data recovery for all the cases that we have worked with previously. Publishing all remote blogs and spreading information in the media that your companies (victims) paid us a ransom. Don't consider yourself an almighty friend. A new hacker worked with your case, who foolishly deleted the data after payment. This will no longer be the case, and rest assured that we do not store the data of the victims you paid for. Let's forget about this case and continue working. Don't try to fight.
Victim
ok