Marco A. De Felice (aka @amvinfe) had a bird’s eye view of negotiations between a Brazilian credit recovery and financial solutions firm and the Hive ransomware team. He also got to track the victim’s payment over wallets.
Reading his partial transcript from the negotiations, the victim quickly went from an offer of $50k — an offer that was roundly refused — to agreeing to pay $500k. From the transcript and SuspectFile’s report:
Hive: Hello 50K is out of question and not even close to our demand
our initial demand is 700K if you are serious offer us a real offer once we agreed on the price we will send you the payment procedureThe surprising thing is that after only nine minutes the victim responds with these words
Victim: Hello, I received payment authorization for 500K usd today.
we have a deal
Whats the next step sir?
Read more at SuspectFile.
It’s not clear from what has been made public whether the firm, whose name SuspectFile omitted, plans on informing those whose personal information may have been acquired originally by Hive. The firm indicated that it would not notify law enforcement. What about data subjects?