We have about a terabyte and a half of your customer data
Víctima
ok how do we know that
Víctima
We can provide you file tree of stolen data
Víctima
let me see that
Víctima
You choose any two files of no more than a megabyte from the ones we stole and we can give them to you.
Víctima
you dont even know who's data you have stolen
Víctima
show me that customer data you think you hv stole it
Víctima
File: [banksbitree.zip]
Víctima
File: [proofs.zip]
Víctima
BSMCOLLECTION Database (check your last backup from it) - a lot of customers data Some interesting from SPM-HESTU - a lot of customers data Medalion Some from Swift
Víctima
what price do you want?
Víctima
It depends on your greed, what can the largest bank in the country with multibillion-dollar revenues offer me for a quality pentest of your corporate network?
Víctima
It looks like you want big things, if that's the case, we'll confirm with other things, do you have a stolen username, password, like a pin or something else?
Víctima
You will find out about this after all the stolen data is published, in case you do not want to pay for a quality pentest of your corporate network.
Víctima
ok, can I buy for 100,000 USD? you like?
Víctima
20 000 000 $
Víctima
why is it so big, at least give us 1 sample username and password you stole we will take it at 10,000,000 dollars
Víctima
Your competitors and scammers will be looking for logins and passwords in the databases after the data is published.
Víctima
So is there anyone else who wants to buy it?
Víctima
We will not disclose this information.
Víctima
An example of a login to the Internet banking.
Víctima
202194016611 20Darkstar94!
Víctima
Would you be more comfortable paying in bitcoin or monero?
Víctima
Be a man, promise - do it.
Análisis del agente IA (defensivo)
Analiza esta negociación con IA (tácticas, errores, recomendaciones) solo cuando lo pidas.
Consejos de defensa
No respondas ni negocies sin tu equipo legal y de respuesta a incidentes.
Nunca pagues sin evaluar implicaciones legales/sancionatorias; pagar no garantiza recuperación.
Aísla los sistemas afectados y preserva evidencia antes de cualquier acción.
Activa tus respaldos offline probados; valida su integridad.
Contacta a tu CSIRT/CERT nacional y a las autoridades.
El atacante presiona con plazos y miedo: gana tiempo, no decidas en caliente.
Aviso: conversación divulgada públicamente, mostrada solo con fines educativos y de investigación defensiva. Enlaces, wallets y datos de contacto están redactados. No es asesoría legal.