bytesandmore.com
Speaking with LOCKBIT
Victim #263
You can attach a few files for test decryption by packing them into an archive with zip, rar, tar, 7zip, 7z, tar.gz extensions of no more than 10 megabytes using the attach button directly in the chat. If your archive weighs more than 10 megabytes, please use our file sharing service. http://lockbitfss2w7co3ij6am6wox4xcurtgwukunx3yubcoe5cbxiqakxqd.onion http://lockbitfsvf75glg226he5inkfgtuoakt4vgfhd7nfgghx5kwz5zo3ad.onion http://lockbitfskq2fxclyfrop5yizyxpzu65w7pphsgthawcyb4gd27x62id.onion For security reasons we do not click on other links you send in chat. Please wait for a reply, sometimes it takes several hours due to possible time zone differences.
Sat Apr 19 2025 06:37:36 GMT+0000 (Coordinated Universal Time)
Victim #263
Sat Apr 19 2025 09:03:29 GMT+0000 (Coordinated Universal Time)
Victim #263
Hello, we sent you encrypted files. Please decrypt and tell us what we have to do to get all our data back
Sat Apr 19 2025 09:11:11 GMT+0000 (Coordinated Universal Time)
LOCKBIT
hello, wait
Sat Apr 19 2025 10:51:53 GMT+0000 (Coordinated Universal Time)
Victim #263
do you have any information for us?
Sat Apr 19 2025 14:21:29 GMT+0000 (Coordinated Universal Time)
LOCKBIT
yes
Sat Apr 19 2025 14:54:27 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We attacked the following list of companies through your network: www.extragent.ch www.bachmann-rimensberger.ch www.kmpag.ch www.gms-technik.com www.storosol.ch www.gammacard.ch www.bp-ing.ch www.kopitsis.com www.kopp-metallveredlung.ch www.innofact-suisse.ch www.baku.ch www.najid.ch www.zahnarztpraxismutschellen.ch www.summit-treuhand.ch www.zhsh.metaltecsuisse.ch www.profrose.ch www.bau-recht.ch www.kfc-suisse.ch www.promrisk.ch www.lanz-partner.ch www.ledtex.ch www.maadan.ch www.marketagent-schweiz.ch www.n-protec.com In addition to crypto systems, we downloaded 2 TB of data. If you want to solve the problem, then pay the ransom.
Sat Apr 19 2025 20:28:21 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Sun Apr 20 2025 00:41:33 GMT+0000 (Coordinated Universal Time)
LOCKBIT
This file (zabbix_agent2.log.old.5984de3d3b75) has a different ID, please find another note and enter the chat
Sun Apr 20 2025 00:44:10 GMT+0000 (Coordinated Universal Time)
Victim #263
how much is the ransom ?
Sun Apr 20 2025 06:40:28 GMT+0000 (Coordinated Universal Time)
Victim #263
and can you provide a list of file names that were stolen? we would also have to inform our customers
Sun Apr 20 2025 07:14:00 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Sun Apr 20 2025 07:53:22 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Everything is ok, the second file is decrypted
Sun Apr 20 2025 07:53:22 GMT+0000 (Coordinated Universal Time)
Victim #263
the second file is corrupt at the end or is it not ?
Sun Apr 20 2025 10:03:05 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Please send more files for testing, the corrupted ones are excluded
Sun Apr 20 2025 10:24:07 GMT+0000 (Coordinated Universal Time)
Victim #263
We will do, its not so easy to find small files how much is the ransom, we would please like to know
Sun Apr 20 2025 10:25:46 GMT+0000 (Coordinated Universal Time)
LOCKBIT
At the moment, our team of lawyers is studying your financial documentation, today we are not ready to name the price for you.
Sun Apr 20 2025 11:21:53 GMT+0000 (Coordinated Universal Time)
Victim #263
good morning do you have an update for us?
Tue Apr 22 2025 06:12:56 GMT+0000 (Coordinated Universal Time)
LOCKBIT
wait
Tue Apr 22 2025 09:30:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
2kk usd
Tue Apr 22 2025 11:17:24 GMT+0000 (Coordinated Universal Time)
Victim #263
is that 2 million USD or 200.000 USD?
Tue Apr 22 2025 11:47:42 GMT+0000 (Coordinated Universal Time)
Victim #263
we would like to have a list of the extracted files if thats possible - we would need some solid proof for 2 mio USD
Tue Apr 22 2025 13:55:18 GMT+0000 (Coordinated Universal Time)
LOCKBIT
http://lockbitfskq2fxclyfrop5yizyxpzu65w7pphsgthawcyb4gd27x62id.onion/r/dMyCJVQVKD#ehUDCgKJtapTNv9t3Vrvqqxy49cbOISjJFE8T6BF9Vo=
Tue Apr 22 2025 16:46:40 GMT+0000 (Coordinated Universal Time)
Victim #263
just to clarfiy for us since we have to discuss this with the 24 companies that are impacted, there is just 1 decryptor and we can't do it company by company, right ?
Wed Apr 23 2025 06:19:08 GMT+0000 (Coordinated Universal Time)
LOCKBIT
yes
Wed Apr 23 2025 11:57:01 GMT+0000 (Coordinated Universal Time)
Victim #263
yeah well we discussed it with the companies and just very few want to pay, if we put the money together what they individually are ready to pay we are at about 200.000 USD. Are there any possible other ways?
Wed Apr 23 2025 12:35:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Are you sure you want to lose your reputation? We will tell every company that the hack happened because of your negligence
Wed Apr 23 2025 12:39:35 GMT+0000 (Coordinated Universal Time)
Victim #263
we are a small hosting company, it is now in our decision to pay this, you must know this
Wed Apr 23 2025 12:40:16 GMT+0000 (Coordinated Universal Time)
LOCKBIT
What do you think will happen to your company if we publish all the data on each company?
Wed Apr 23 2025 12:42:34 GMT+0000 (Coordinated Universal Time)
Victim #263
how do you think we could pay 2 million USD when we are just a small company? we could not even if we would like to
Wed Apr 23 2025 12:43:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
You can collect this money from your clients' companies.
Wed Apr 23 2025 12:43:47 GMT+0000 (Coordinated Universal Time)
Victim #263
thats what we asked them but they don't want to pay, all the companies who want to pay can put 200.000 USD together, the big ones had offline backups and do not want to pay anything
Wed Apr 23 2025 12:44:48 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Explain what will happen if their data is published.
Wed Apr 23 2025 12:45:32 GMT+0000 (Coordinated Universal Time)
Victim #263
they know, we communicated with all of them but we can't make them pay since only 20% of the companies want to pay something
Wed Apr 23 2025 12:49:32 GMT+0000 (Coordinated Universal Time)
Victim #263
how does this normally work when you hack 20 companies and half of them does not want to pay? can we say "this 5 companies paid and don't make their data public"?
Wed Apr 23 2025 12:52:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Then you won't get a decryptor. For $200,000 we can just forget about these companies and not list them
Wed Apr 23 2025 13:00:06 GMT+0000 (Coordinated Universal Time)
Victim #263
yeah the small companies need the decryptor and thats what they would pay the 200.000 USD for
Wed Apr 23 2025 13:02:15 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We can't do it like that. Everyone has to pay.
Wed Apr 23 2025 13:02:49 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Because either everyone or no one will get the decryptor
Wed Apr 23 2025 13:03:03 GMT+0000 (Coordinated Universal Time)
Victim #263
yeah can you give us the decryptor for 200.000 USD? they can't pay more really
Wed Apr 23 2025 15:15:54 GMT+0000 (Coordinated Universal Time)
Victim #263
or how much would be just the decryptor?
Wed Apr 23 2025 17:21:46 GMT+0000 (Coordinated Universal Time)
LOCKBIT
2 million USD
Wed Apr 23 2025 20:01:46 GMT+0000 (Coordinated Universal Time)
Victim #263
we are having another round with the customers today, if we have some new information we will inform you
Thu Apr 24 2025 09:16:41 GMT+0000 (Coordinated Universal Time)
LOCKBIT
I want increase price x2 in 48 hours if you not pay
Thu Apr 24 2025 11:02:38 GMT+0000 (Coordinated Universal Time)
Victim #263
we have to coordinate more than 20 customers and we would ask you to please be patient, we do what we can to get a deal
Thu Apr 24 2025 15:41:33 GMT+0000 (Coordinated Universal Time)
LOCKBIT
So far you are only trying to lower the price, and not solve the problem.
Thu Apr 24 2025 15:42:40 GMT+0000 (Coordinated Universal Time)
Victim #263
we try to raise more money with all the customers and will tell you what we have as soon as possible
Thu Apr 24 2025 15:51:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Listen to what I'm going to tell you now, and this is only a small part of what we realized when we studied the stolen information.
Thu Apr 24 2025 15:52:05 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Analytics department report: We would like to note that among the information that was stolen from the servers, there is a lot of important data, the publication of which will cause great harm to the company, from the servers from which it was stolen. * This is personal data of employees and clients, for the disclosure of which there is a certain liability. These are copies of passports, IDs, resumes, statements, invoices, correspondence, as well as exported passwords and logins. Leakage of such data is a direct violation of the legislation on the protection of personal data. * Legal documents of companies, including financial statements, strategic documents, corporate forms, approvals and internal regulations. All of this can be used by competitors and cause legal consequences. * Corporate correspondence that reflects the company's internal processes, discussions, corporate plans, project implementation problems, complaints and reactions to them. All of this reveals the "inner workings" of the company and can be used against it. * Files with calculations and costings that reveal pricing, margin structure, and commercial strategies of the company. Leakage can undermine tender positions, lead to dumping, and loss of competitive advantage. * Commercial offers and agreements that disclose the terms of contracts with major clients, partners and contractors. If published, it may be used by competitors and may also entail legal and business liability. * Design and engineering calculations: disclosure of technologies, technical solutions, non-standard methods and materials. This may lead to the loss of know-how and a threat to patent security. * Correspondence with clients and contractors, letters, discussions of working conditions, negotiations. Disclosure of such data may compromise trust, violate confidentiality and cause reputational damage. * Intellectual property: templates, standards, methods, typical calculations, engineering concepts, documentation on specialized solutions. This is the basis of competitiveness, and its leakage can cause serious damage. * Architectural and construction plans of objects: detailed drawings, room plans, facades, assembly units. Particularly critical for healthcare facilities, educational institutions and government infrastructure. Leakage of this data is a direct threat to security.
Thu Apr 24 2025 15:56:27 GMT+0000 (Coordinated Universal Time)
Victim #263
is it possible if we pay from different bitcoin wallets? we are trying to consolidate the money, but as you know it is complicated with that many companies
Fri Apr 25 2025 10:06:24 GMT+0000 (Coordinated Universal Time)
Victim #263
as of now, we have about 1.281.000 swiss franks collected which is roughly 1.540.000 USD, would you be able to settle on this if we can transform that money into BTC?
Fri Apr 25 2025 10:17:34 GMT+0000 (Coordinated Universal Time)
LOCKBIT
You can transfer this money to your wallet and we will give you time to collect the remaining money.
Fri Apr 25 2025 10:55:13 GMT+0000 (Coordinated Universal Time)
Victim #263
we started the onboarding process with the bank and the customers will transfer the money as soon as possible, it should be there on monday / tuesday and we can then buy the BTC and pay, thank you for your patience so far
Fri Apr 25 2025 10:57:15 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Give me the exact date and time when the payment will be made, otherwise my boss will make a fundamental decision and increase the amount to 4 million.
Fri Apr 25 2025 11:00:23 GMT+0000 (Coordinated Universal Time)
Victim #263
we do now know since we do not know how long it takes for all companies to transfer the money to the BTC bank but it should be within next week
Fri Apr 25 2025 11:03:39 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Wouldn't it be easier for you to collect all the money in your account and buy bitcoin yourself?
Fri Apr 25 2025 11:04:16 GMT+0000 (Coordinated Universal Time)
Victim #263
the process is that we buy the BTC with a neutral bank to have the trust between all the customers also
Fri Apr 25 2025 11:07:15 GMT+0000 (Coordinated Universal Time)
Victim #263
its not so easy to buy that amount of BTC without raising money laundering alarms in switzerland
Fri Apr 25 2025 11:08:28 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Okay, do you guarantee to pay the $2 million by the end of next week?
Fri Apr 25 2025 11:09:50 GMT+0000 (Coordinated Universal Time)
Victim #263
we cannot guarantee to raise the whole 2 million since the companies for now raised 1.54 million and it is not our money. If they can raise the other half million we will transfer the money on their behalf as soon as its in the wallet and yes, we hope that this will be within the end of next week. if you can lower the price a bit - to probably 1.6 or 1.7 million they would probably be able to pay by tuesday or wednesday, that is what we can offer for now. We will have more information on monday and tuesday when the money trickles in
Fri Apr 25 2025 11:12:54 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Then we expect the first transaction of $1.5 million by Tuesday inclusive.
Fri Apr 25 2025 12:14:11 GMT+0000 (Coordinated Universal Time)
LOCKBIT
time for publication and delete decryptor?
Tue Apr 29 2025 10:10:12 GMT+0000 (Coordinated Universal Time)
Victim #263
Hello. We have some information for you, but we need to wait for confirmation at around 15:30 by all the affected customers. Please stand by
Tue Apr 29 2025 10:19:08 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Confirmation of what?
Tue Apr 29 2025 10:20:02 GMT+0000 (Coordinated Universal Time)
Victim #263
that we can pay the amount you asked for till the end of the week as you asked for
Tue Apr 29 2025 10:21:48 GMT+0000 (Coordinated Universal Time)
LOCKBIT
You must pay the first installment today.
Tue Apr 29 2025 10:22:16 GMT+0000 (Coordinated Universal Time)
Victim #263
we don't have the BTC now, yesterday was a bank holiday in switzerland and on thursday is another bank holiday in switzerland, but we can pay the requested amount on friday as you asked for it
Tue Apr 29 2025 10:24:04 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We need the first transfer today. You can start buying bitcoin now and then you will have time for everything.
Tue Apr 29 2025 10:24:50 GMT+0000 (Coordinated Universal Time)
Victim #263
as said, we have a lot of customers in the background and this takes time .. the affected companies came to the agreement to transfer the 2 million USD on friday - as you requested, we don't have any other chance to get that amount of BTC so please confirm the deal - friday 2 million USD in exchange for: -deletion of files -decryptor from your side -you won't attack any of the impacted companies again please also ask your boss if this is ok, since we need the definitive confirmation and since thursday is a banking holiday we can't get them sooner and we will transfer the whole amount at once on friday
Tue Apr 29 2025 10:32:55 GMT+0000 (Coordinated Universal Time)
Victim #263
we will also send 2 more pdf files for you to decrypt since the decryption didn't work with the other provided files, please decrypt them for confirmation
Tue Apr 29 2025 10:36:23 GMT+0000 (Coordinated Universal Time)
Victim #263
Tue Apr 29 2025 10:37:28 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Okay, we confirm everything, but we need an advance. Otherwise, my boss will increase the ransom amount. He is a man of principle, I cannot negotiate with him myself.
Tue Apr 29 2025 10:39:51 GMT+0000 (Coordinated Universal Time)
Victim #263
we cannot send BTC now since we buy them in bulk with a bank, so there is nothing we can send in advance. The amount of 2 million USD can be confirmed and friday can also be confirmed, we stand by our word and we hope you do so too. Please give the deal to your bosses so we can confirm everything and close this. the whole amount will be transferred on friday if the decryption of the PDFs work
Tue Apr 29 2025 10:41:43 GMT+0000 (Coordinated Universal Time)
LOCKBIT
21.1 BTC all amount
Tue Apr 29 2025 10:42:55 GMT+0000 (Coordinated Universal Time)
Victim #263
yes
Tue Apr 29 2025 10:43:48 GMT+0000 (Coordinated Universal Time)
LOCKBIT
ok, wait test decrypt
Tue Apr 29 2025 10:44:07 GMT+0000 (Coordinated Universal Time)
LOCKBIT
I'll ask my boss to give you a chance to pay on Friday. I can't promise anything yet.
Tue Apr 29 2025 10:44:40 GMT+0000 (Coordinated Universal Time)
Victim #263
we have public bank holidays with monday and thursday in switzerland, we have 20 companies where you all used the same encryption key which complicated things a lot for us and we have 2 million usd which we can transfer in BTC on friday, we think this is a good deal and we hope your boss does the same
Tue Apr 29 2025 10:48:58 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Do you guarantee payment on Friday?
Tue Apr 29 2025 11:07:12 GMT+0000 (Coordinated Universal Time)
Victim #263
yes, we will transfer the BTC on friday
Tue Apr 29 2025 11:07:33 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Tue Apr 29 2025 11:46:43 GMT+0000 (Coordinated Universal Time)
Victim #263
we just got the confirmation from one company that the decryption was working, so thank you for that
Tue Apr 29 2025 12:36:02 GMT+0000 (Coordinated Universal Time)
Victim #263
the only thing missing is now the confirmation that the 2 million usd on friday is the final deal if the swift transactions are faster and we have the BTC before friday, will we be able to close the deal before ? will this channel be monitored?
Tue Apr 29 2025 12:40:22 GMT+0000 (Coordinated Universal Time)
LOCKBIT
Yes, the amount in Bitcoin indicated above is final. The sooner you close the deal, the better.
Tue Apr 29 2025 12:45:39 GMT+0000 (Coordinated Universal Time)
Victim #263
ok, so the deal is final, 2 million usd latest on friday, 2nd May 2025? please confirm
Tue Apr 29 2025 12:47:48 GMT+0000 (Coordinated Universal Time)
LOCKBIT
yes
Tue Apr 29 2025 12:50:34 GMT+0000 (Coordinated Universal Time)
Victim #263
we will forward that information to our customers and inform you when we are ready to transfer the money
Tue Apr 29 2025 12:51:33 GMT+0000 (Coordinated Universal Time)
LOCKBIT
We have agreed. We are waiting for your payment. Now I will send two wallets and the amounts that need to be sent to them.
Tue Apr 29 2025 13:09:16 GMT+0000 (Coordinated Universal Time)
End of chat