Have you ever wondered how ransoms are negotiated during cyberattacks? The ransomch.at site answers some of your questions by compiling dozens of discussions between cybercriminal gangs and their victims. Sometimes, the exchanges between well-known companies and groups such as REvil, Conti or Lockbit 3.0 are frankly surprising.
Behind the scenes of the negotiations between La Poste Mobile and Lockbit
Ransomchat is based on data published on GitHub by Valery Marchive (Casualtek), founder of Le Mag IT. “Ransomware negotiations are typically not widely shared, limiting understanding of the process,” reads the GitHub page. “This project aims to change that in a respectful way for victims of cyberattacks: chats are anonymized as long as the victim has not been disclosed publicly, either by the attackers or in the media.”
We thus discover a long-running conversation between a negotiator from La Poste Mobile – victim of a cyberattack at the beginning of July 2022 – and a member of Lockbit 3.0. French standing is maintained, with delicate hints of sarcasm and humor throughout the exchange. The French negotiator repeatedly uses literal translations of French expressions such as “prepare the terrain” (prepare the ground) or “to each his own cross” (each his cross). The La Poste Mobile negotiator also mentions that he has contracted Covid-19. And since the conversation is spread over several days, his interlocutor asks him for news of his health.
A means of awareness and prevention
Some conversations also show the “leniency” of certain groups, which do not seem reluctant to “help” companies fix certain flaws after the ransom is paid. Depending on how the exchange unfolds, certain “promotions” are also offered. But while some of these exchanges are amusing, remember that computer attacks, which sometimes target critical infrastructure, potentially endanger human lives.
According to SaxX, a hacker who has already appeared in our columns about the Russian-Ukrainian cyberwar, the publication of these conversations is interesting “because we find out a bit about how certain companies are managing the crisis or not, what they are implementing or not, or even their level of maturity”. While he judges certain exchanges “uplifting for both cybercriminals and companies”, these documents are an excellent “means of raising awareness but above all of prevention” against cyber risks.