What is Ransomch(.)at?
This project was started in May 2023 by Valéry Rieß-Marchive, editor-in-chief at LeMagIT, and ransomware researcher. Here you'll find real world ransomware negotiations. Ransomware negotiations are usually not shared widely, limiting the understanding of the process. This project aims at changing that, in a respectful manner for the victims of cyberattacks: chats are redacted and anonymized as long as the victim hasn't been publicly disclosed, either by the attackers or in the media.
Contributing to the Project
You have copies of negotiations? You're more than welcome to contribute. You can find some parsers ready to use to help you with that. Or you can send me an email: [email protected]
If you want to contribute ransom chats yourself, note that none will be published without your clear agreement to their parsing and redaction.
Acknowledgments & Research
@thomfredev
Thanks for the original
reading app that used to be running here.
@g0njxa, Rakesh Krishnan & @JMousqueton
Thanks for the ransom chats you contributed to the project.
Calvin So
Thanks for the stylometric analysis research
here and
there.
Anastasia Sentsova (Analyst1)
John Hammond (Huntress Labs)
Made a
full video on ransomware negotiations using the chats in this repository.
Mikko Hypponen (WithSecure)
Mentioned this project during his
keynote at RSA Conference 2024.
Anastasia Sentsova & Jon DiMaggio
Their
analysis of some specifics of negotiations with Akira.
Jean-Yves Marion (Lorraine University)
Tom Meurs, Anna Cartwright, Edward Cartwright, Harold Houba, and Daniel Woods
Their
research reveals counterintuitive patterns in ransomware victim payment behavior and identifies the key factors that influence negotiation outcomes. It shows that victims are more likely to pay ransomware demands when attackers use a high initial price followed by large discounts, rather than when presented with low fixed-price demands from the start.
