topackt.com
Speaking with LOCKBIT
Victim #112
You can attach a few files for test decryption by packing them into an archive with zip, rar, tar, 7zip, 7z, tar.gz extensions of no more than 10 megabytes using the attach button directly in the chat. If your archive weighs more than 10 megabytes, please use our file sharing service. http://lockbitfss2w7co3ij6am6wox4xcurtgwukunx3yubcoe5cbxiqakxqd.onion http://lockbitfsvf75glg226he5inkfgtuoakt4vgfhd7nfgghx5kwz5zo3ad.onion http://lockbitfskq2fxclyfrop5yizyxpzu65w7pphsgthawcyb4gd27x62id.onion For security reasons we do not click on other links you send in chat. Please wait for a reply, sometimes it takes several hours due to possible time zone differences.
Fri Jan 17 2025 18:40:54 GMT+0000 (Coordinated Universal Time)
Victim #112
Hi
Fri Jan 17 2025 18:42:00 GMT+0000 (Coordinated Universal Time)
Victim #112
my files are encrypted
Fri Jan 17 2025 18:46:00 GMT+0000 (Coordinated Universal Time)
Victim #112
can you help me
Fri Jan 17 2025 18:49:42 GMT+0000 (Coordinated Universal Time)
LOCKBIT
~~~ You have been attacked by LockBit 4.0 - the fastest, most stable and immortal ransomware since 2019 ~~~~ DO NOT WASTE TIME or your sensitive files will be PUBLISHED. as you probably already know most of your systems are encrypted and data was stolen. we stole ALL! databases and ALL! management shares from ALL! servers with sensitive data (total +4TB) on servers that are not encrypted too! You can attach a few files for test decryption by packing them into an archive with zip, rar, tar, 7zip, 7z, tar.gz extensions of no more than 10 megabytes using the attach button directly in the chat. Tell us filepaths and we will show proof of stolen data. For security reasons we do not click on other links you send in chat. Please wait for a reply, sometimes it takes several hours due to possible time zone differences. We will offer decryption and deletion of all data for 110k$ in btc or 90k$ in xmr. price is suspect to change. Upload to blog already started but we will stop after settlement. do not waste yours and our time.
Fri Jan 17 2025 19:25:07 GMT+0000 (Coordinated Universal Time)
Victim #112
i have a path yes its desktop folder a file DaviniLok.xlsx that i need and loots more files from my desktop
Fri Jan 17 2025 19:29:58 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We didnt copy desktops too much nonsense. If you send a few encrypted file we'll do test decryption
Fri Jan 17 2025 19:31:11 GMT+0000 (Coordinated Universal Time)
LOCKBIT
we dumped postgres databases and downloaded all management shares
Fri Jan 17 2025 19:32:05 GMT+0000 (Coordinated Universal Time)
Victim #112
i cant upload the file i got errors my browser works also not good anymore it closes randomly. can you help ,me
Fri Jan 17 2025 19:35:08 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Do you use the latest version of Tor Browser? https://www.torproject.org/download/
Fri Jan 17 2025 19:35:49 GMT+0000 (Coordinated Universal Time)
Victim #112
yes i got this instructions from you ~~~ You have been attacked by LockBit 4.0 - the fastest, most stable and immortal ransomware since 2019 ~~~~ >>>>> You must pay us. Tor Browser Links BLOG where the stolen infortmation will be published: ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/ http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/ http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/ http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/ http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/ >>>>> What is the guarantee that we won't scam you? We are the oldest extortion gang on the planet and nothing is more important to us than our reputation. We are not a politically motivated group and want nothing but financial rewards for our work. If we defraud even one client, other clients will not pay us. In 5 years, not a single client has been left dissatisfied after making a deal with us. If you pay the ransom, we will fulfill all the terms we agreed upon during the negotiation process. Treat this situation simply as a paid training session for your system administrators, because it was the misconfiguration of your corporate network that allowed us to attack you. Our pentesting services should be paid for the same way you pay your system administrators' salaries. You can get more information about us on Elon Musk's Twitter at https://twitter.com/hashtag/lockbit?f=live. >>>>> Warning! Do not delete or modify encrypted files, it will lead to irreversible problems with decryption of files! >>>>> Don't go to the police or the FBI for help and don't tell anyone that we attacked you. They will forbid you from paying the ransom and will not help you in any way, you will be left with encrypted files and your business will die. >>>>> When buying bitcoin, do not tell anyone the true purpose of the purchase. Some brokers, especially in the US, do not allow you to buy bitcoin to pay ransom. Communicate any other reason for the purchase, such as: personal investment in cryptocurrency, bitcoin as a gift, paying to buy assets for your business using bitcoin, cryptocurrency payment for consulting services, cryptocurrency payment for any other services, cryptocurrency donations, cryptocurrency donations for Donald Trump to win the election, buying bitcoin to participate in ICO and buy other cryptocurrencies, buying cryptocurrencies to leave an inheritance for your children, or any other purpose for buying cryptocurrency. Also you can use adequate cryptocurrency brokers who do not ask questions for what you buy cryptocurrency. >>>>> After buying cryptocurrency from a broker, store the cryptocurrency on a cold wallet, such as https://electrum.org/ or any other cold cryptocurrency wallet, more details on https://bitcoin.org By paying the ransom from your personal cold cryptocurrency wallet, you will avoid any problems from regulators, police and brokers. >>>>> Don't be afraid of any legal consequences, you were very scared, that's why you followed all our instructions, it's not your fault if you are very scared. Not a single company that paid us has had issues. Any excuses are just for insurance company to not pay on their obligation. >>>>> You need to contact us via TOR darknet sites with your personal ID Download and install Tor Browser https://www.torproject.org/ Write to the chat room and wait for an answer, we'll guarantee a response from us. If you need a unique ID for correspondence with us that no one will know about, ask it in the chat, we will generate a secret chat for you and give you ID via private one-time memos service, no one can find out this ID but you. Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack hundreds of companies around the world. Tor Browser personal link for CHAT available only to you: ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://rbuqsricjycmlv4hkh6cuwpefhgzzgthhxr2ackqwnv2ex23yqkfmuqd.onion Tor Browser Links for CHAT ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://lockbitspyakyequybgwgwauhzqxx7ba2gh3lmlj3zyeuaknrexdzfid.onion http://lockbitspxmqqfi6bw4y7f5psnpoaakhlisdx33busmnpgtimart5fad.onion http://lockbitspxgtf65ej7uu5h7qtephbevcsc2sk2brxzmt754etrrzhdqd.onion http://lockbitspudgjptrzadjzi7b4n2nw3yq6aqqqqw6wbrrjkr2ffuhkhyd.onion http://lockbitsptqsmaf56cmo7bieqwh5htlsfkodpahsaurxlquoz67zwrad.onion >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>> Your personal identifier to communicate with us ID: 4D4D171AFC1FAE706B6C6E6F70717273 <<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>> Want a lamborghini, a ferrari and lots of titty girls? Sign up and start your pentester billionaire journey in 5 minutes with us. ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://lockbitapyx2kr5b7ma7qn6ziwqgbrij2czhcbojuxmgnwpkgv2yx2yd.onion http://lockbitapyum2wks2lbcnrovcgxj7ne3ua7hhcmshh3s3ajtpookohqd.onion http://lockbitapp24bvbi43n3qmtfcasf2veaeagjxatgbwtxnsh5w32mljad.onion http://lockbitapo3wkqddx2ka7t45hejurybzzjpos4cpeliudgv35kkizrid.onion http://lockbitapiahy43zttdhslabjvx4q6k24xx7r33qtcvwqehmnnqxy3yd.onion Version: LockBitBlack4.0-rc-001
Fri Jan 17 2025 19:36:37 GMT+0000 (Coordinated Universal Time)
LOCKBIT
yes. so what is the problem?
Fri Jan 17 2025 19:36:56 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Who are we talking to? User or Admin?
Fri Jan 17 2025 19:37:12 GMT+0000 (Coordinated Universal Time)
Victim #112
i am from the staff. i am one of the computer study teachers, helping to manage our data. i know a bit if you send me an instruction i think i can fix our computers again
Fri Jan 17 2025 19:39:43 GMT+0000 (Coordinated Universal Time)
LOCKBIT
What institution do you belong to? topackt?
Fri Jan 17 2025 19:40:07 GMT+0000 (Coordinated Universal Time)
Victim #112
as far i know they manage a part of our network. but i am part of the a school
Fri Jan 17 2025 19:42:16 GMT+0000 (Coordinated Universal Time)
LOCKBIT
which one
Fri Jan 17 2025 19:42:32 GMT+0000 (Coordinated Universal Time)
LOCKBIT
entire topackt network has been attacked. its their fault for unsecure systems. we are here to help resolve this for the better of both sides.
Fri Jan 17 2025 19:45:16 GMT+0000 (Coordinated Universal Time)
Victim #112
Sorry got disconnected again thats our address and name Universität Mannheim 68131 Mannheim
Fri Jan 17 2025 19:47:19 GMT+0000 (Coordinated Universal Time)
LOCKBIT
You are using dnsx.topackt.net as domain?
Fri Jan 17 2025 19:51:14 GMT+0000 (Coordinated Universal Time)
LOCKBIT
For Active Directory?
Fri Jan 17 2025 19:51:43 GMT+0000 (Coordinated Universal Time)
LOCKBIT
can you tell which SERVERxx your network is using?
Fri Jan 17 2025 19:53:32 GMT+0000 (Coordinated Universal Time)
Victim #112
i asked colleges we are not sure about the serverXX details. i think that is managed by our external domain manager. dns is correct
Fri Jan 17 2025 19:59:12 GMT+0000 (Coordinated Universal Time)
LOCKBIT
how many servers/machines are affected from you?
Fri Jan 17 2025 20:00:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We will offer decryption and deletion of all data from entire topackt network for 110k$ in btc or 90k$ in xmr.
Fri Jan 17 2025 20:04:39 GMT+0000 (Coordinated Universal Time)
Victim #112
i dont need topackt stuff just our school please its about 20 computers
Fri Jan 17 2025 20:05:26 GMT+0000 (Coordinated Universal Time)
Victim #112
at least where we found corrupted files.
Fri Jan 17 2025 20:06:52 GMT+0000 (Coordinated Universal Time)
Victim #112
and i checked thats not possible to pay for us we are just a small school its about 21109767 US Dollars
Fri Jan 17 2025 20:11:33 GMT+0000 (Coordinated Universal Time)
LOCKBIT
you misunderstood. 110 000 US Dollars in Bitcoin or 90 000 US Dollars in Monero
Fri Jan 17 2025 20:20:21 GMT+0000 (Coordinated Universal Time)
LOCKBIT
unfortunately we can't offer you decryptor for single institution. decryptor is for entire topackt system. we can't guarantee you are not giving it away for lower price you should probably contact topackt and demand resolution with us.
Fri Jan 17 2025 20:20:49 GMT+0000 (Coordinated Universal Time)
LOCKBIT
that is low price in comparison to network size and data stolen
Fri Jan 17 2025 20:21:37 GMT+0000 (Coordinated Universal Time)
LOCKBIT
if you have any more questions please let us know
Fri Jan 17 2025 20:21:55 GMT+0000 (Coordinated Universal Time)
LOCKBIT
we are sorry that we cant help you
Fri Jan 17 2025 20:25:04 GMT+0000 (Coordinated Universal Time)
LOCKBIT
if you contact topackt please let us know!
Fri Jan 17 2025 20:27:24 GMT+0000 (Coordinated Universal Time)
Victim #112
i will contact you later again i try call them if they will contact with you
Fri Jan 17 2025 20:27:34 GMT+0000 (Coordinated Universal Time)
LOCKBIT
okay
Fri Jan 17 2025 20:27:45 GMT+0000 (Coordinated Universal Time)
LOCKBIT
What do you think how long do you need for answer?
Fri Jan 17 2025 20:28:23 GMT+0000 (Coordinated Universal Time)
Victim #112
could take until monday i cant reach them now its weekend
Fri Jan 17 2025 20:31:23 GMT+0000 (Coordinated Universal Time)
LOCKBIT
could you please open cmd on an infected computer and send us output of these two commands: "ipconfig" and "set" first one prints network address and second prints environment variables, both do not contain sensitive information (you can confirm with google before running these)
Fri Jan 17 2025 20:33:32 GMT+0000 (Coordinated Universal Time)
LOCKBIT
any update?
Mon Jan 20 2025 12:30:40 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We did not receive any further update from the other chat. Because of this contact we stopped publishing, because of negotiation. So we will restart publishing of files, if you do not respond in the next 24h
Mon Feb 03 2025 15:23:34 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Why no communication from your side? Not interested in solving this?
Wed Feb 05 2025 17:59:25 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We would advise you doing this. There are already people that are interested in this data and would pay money for it. Do you need more time? It would be better for you if you would answer us. We want to solve this case too, probably as you too.
Wed Feb 05 2025 18:00:52 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Do you want proof of stolen data? We will of course send. Do you want file list or files? Just tell us filenames and we will send.
Wed Feb 05 2025 18:01:38 GMT+0000 (Coordinated Universal Time)
LOCKBIT
what are you waiting for or why are you revisiting the site if you do not want to communicate with us?
Wed Mar 26 2025 22:10:28 GMT+0000 (Coordinated Universal Time)
End of chat