ANALYSIS

Ransomware Negotiation: Four Response Modes Law Firms Have Actually Used

When ALPHV/BlackCat sent their first ransom email to HWL Ebsworth on 26 April 2023, the opening line read like a parody of commercial correspondence. "hello. The largest legal partnership in Australia now have a big problem with your data leak. 4TB data has been downloaded from company file servers…" Two days later, after HWLE failed to engage, the operators pressed again: "What have you decided? We will make a good discount, suitable for redemption. This is our offer."

Slattery J, sitting in the Equity Division of the New South Wales Supreme Court, eventually quoted that line directly in his February 2024 judgment. He called it "a parody of a commercial transaction." The phrasing matters because almost every other piece of public commentary on ransomware negotiation either paraphrases operator messages or reports them through an intermediary. The HWLE case put them in the court record. Anyone writing about how ransomware operators negotiate with law firms can now cite the source directly.

The HWLE judgment, HWL Ebsworth Lawyers v Persons Unknown [2024] NSWSC 71, is one of four publicly traceable responses we now have to the same operator playbook. Together with the Akira small-firm transcript published on ransomch.at, the Pear law-firm transcript from July 2025, and the Conti operator-side commentary on a Kansas City firm that surfaced in the February 2022 ContiLeaks dump, the four records show four distinct ways law firms have actually responded when a ransom demand lands. Each carried a different cost. None matches the insurance-industry narrative cleanly.

This piece is the operator-victim dialogue counterpart to our earlier coverage of law-firm data breaches and the rhetorical register of ransom notes. Where those pieces examined the client-side exposure thesis and the demand-letter form-mapping, this one looks at what happens after the first message: the negotiation itself, and the law-firm-specific pressure points operators have learned to use.

Why law-firm negotiation is structurally different

Most ransomware-negotiation commentary treats the victim sector as background colour. Aon's Ransomware: REvil & the Increased Targeting of Law Firms (September 2020), still the most-cited piece in the territory, summarises the problem in one sentence: law firms are "a repository of highly sensitive and valuable information." That is true but incomplete. The structural points that make law-firm negotiation different from healthcare or manufacturing don't get articulated in the vendor literature, because the vendors aren't writing for principals; they're writing for risk managers.

Two structural factors do most of the work.

The first is the client-confidentiality cost asymmetry. When a manufacturer loses 4 TB of internal files, the cost of disclosure is roughly bounded: trade secrets, employee data, supplier contracts. When a law firm loses 4 TB, the cost cascades onto every client whose matters were in those files. The firm doesn't just bear the regulatory fine; it bears every notification, every malpractice exposure, every client relationship rebuilt or lost. Operators have learned this. The Pear operator, negotiating with an unnamed mid-size US firm in July 2025, made the pressure point explicit: "Files with this name are in folders with cases of 3 your clients: [Redacted] [Redacted] [Redacted]. Which folder would you like us to take it from?" That sentence does work no manufacturer negotiator would ever read.

The second is the bar-conduct exposure cap on walkaway aggression. A manufacturer can refuse to pay and absorb the publication. The board takes a quarter's worth of reputational damage, insurance covers most of the recovery, and operations resume. A law firm cannot make that calculation the same way. State bar conduct rules, professional indemnity carriers, and partner agreements all impose constraints on how aggressively a firm can walk away from a ransom demand when that walkaway means clients learn about the breach from the dark web. The firm's options narrow. Operators know this too.

Conti operators talked about this internally. In November 2021, two operators discussed an incoming victim response and what to expect from the firm's representatives. One wrote: "if not a lawyer, then they can fuck us... because a strong lawyer will really get there and we will sit in a puddle." The leaked exchange (jabber 2021, bio↔tramp) is the cleanest evidence we have that operators register law-firm-grade representation as a real risk to their negotiation posture. They do not say this about every victim. They say it when the victim is a firm whose negotiator might know more than they do about the legal exposure on both sides.

How operators open

The opening message follows a recognisable form across operators and across years. Three elements appear in almost every law-firm ransom note we have:

  • A factual claim about what was taken (volume, file types, sometimes server names)
  • A demand anchored to victim financials (operators routinely cite revenue figures)
  • A deadline lever (24, 48, or 72 hours, almost always followed by a "publication" threat)

HWLE's opening message included all three: 4 TB exfiltrated, $4 million USD demand, three-day deadline. The Akira operators' opening message to a small UK family law firm in March 2024 included the same elements: a 3.78 MB file listing as proof, a $2 million demand, and a deadline. The Pear opening to the US law firm in July 2025 listed 3.8 TB of data, a 4 BTC demand (~$480k at the time), and a defined deadline.

The revenue-anchoring is not improvised. Conti's internal records show they used commercial business-intelligence services to set the demand. The November 2021 briefing on Baty Otto Coronado Scheer (BSCR), a Kansas City defence firm, recorded the firm's revenue as "18M (avention)", meaning $18 million as reported by Avention, a B2B data service Conti subscribed to. Their leaked operator manuals show the same playbook applied across victims: research the firm on ZoomInfo and Avention, estimate revenue, calculate demand as a fraction of estimated annual turnover. This is not improvisation; it's procurement.

The opening message also does rhetorical work. We covered the form-mapping in detail in our piece on why ransom notes read like demand letters, but two operator moves recur often enough to mention here. The first is the "discount" framing: operators offer reductions as if they were running a sale, which is what Slattery J flagged in the HWLE judgment. The second is the isolation-from-law-enforcement script. HWLE's operators included a near-verbatim version of it: "Do not contact the FBI, police, or other private agencies. They do not care about your organisation, they are not going to buy you out, which entails the publication of files, and then lawsuits, fines." The script appears, in slightly different phrasings, in most law-firm ransom messages. It is meant to keep the firm inside the chat.


What "paying" actually looks like: the price-discovery curve

The most-cited number in ransomware-negotiation commentary is that experienced negotiators settle at "10% of the initial demand" (Aon, September 2020). The number is optimistic against the actual record.

Three transcript-anchored curves give a better picture:

Akira / small UK family law firm, March-April 2024. Initial demand $2M USD. The firm responded with a Dear-Sirs-cadenced refusal citing financial constraints and charity work. The operators moved in three steps: $2M → $1.7M → $1.5M → $1.4M, where the deal closed at 21.07 BTC. The firm paid 70% of the initial demand. The operator's "discount" language was deployed at each step ("the bosses appreciate your offer... has agreed to take a final step"). The whole arc ran ten days.

mount-locker / Indian healthcare group, October 2020. Initial demand $9M USD (this victim is not a law firm, but the price-discovery is the cleanest in the dataset). The group offered $1.74M, then negotiated up to $4.11M in a series of moves. The operators came down from $9M → $8M → $7.5M → $5M → $4.5M, and the deal closed at $4.11M, which is 46% of the initial demand.

Conti / BSCR (Baty Otto Coronado Scheer), Kansas City, November-December 2021. This is the only law-firm negotiation we can reconstruct from the operator side rather than the victim side. The Conti operators, talking to each other in their internal Jabber, recorded the firm's counter-offer as "110k instead of lam", meaning the firm offered $110,000 against whatever Conti had asked. The chat trail across late November and early December tracks the negotiation through sample-decrypt requests ("BSCR asks for 5 files"), the firm uploading 15-17 files including financial and personal records ("all 21 years, financial, budget, pictures, ID"), wallet preparation ("prepare a wallet for BSCR"), and eventual settlement. On 4 December, the operator celebrated internally: "Well, we managed to beat BSCR)))", and noted that they had "squeezed out with BSCR less" than the initial demand. The firm paid; the amount is not visible in the operator chat but the language suggests well below the opening ask.

The general pattern from the three: somewhere between 46% and 70% of the initial demand is what an experienced negotiator actually achieves. The 10% figure shows up in marketing material, not in the transcript record. When it does appear, it usually reflects an incident where the operator's position collapsed for unrelated reasons, such as backups turning out to be intact after all.

Four response modes from the record

The clearest way to organise what law firms have actually done with a ransomware demand is by response mode. Four distinct modes appear in the public record. Each carries a different cost.

Mode 1: Pay quietly, restore operations

This is what the Akira family law firm did in March-April 2024. The firm negotiated the demand down from $2M to $1.4M over ten days, ran a test BTC payment, paid 50% against proof of deletion, then paid the remainder against decryption keys. The transcript ends with the firm receiving the unlocker and Akira providing usage instructions for ESXi and Windows systems. The data did not surface publicly. The firm returned to operations.

The cost: $1.4M plus the negotiator's time plus whatever lingering operational disruption the encrypted-then-decrypted environment carried. The benefit: minimal external surface. Clients, in the absence of any external indicator of compromise, may never learn. The firm carries the breach internally.

This is the modal response for small and mid-size firms that can absorb the payment. It does not work for firms whose payment would attract scrutiny: large firms with quarterly disclosure obligations, or firms with regulators who require breach notification regardless of payment.

Mode 2: Refuse, absorb the publication

This is what most firms whose names appear on operator leak sites have done. The negotiations either never started or broke down. The operator published. The firm dealt with the consequences as a breach-notification matter rather than a negotiation outcome.

This mode is harder to evidence because the negotiation chats are usually not public, and the firms involved generally do not elaborate. Allen & Overy, attacked by LockBit in November 2023, falls in this group: the leak announcement disappeared from LockBit's site within weeks, the firm has not commented on whether a payment was made, and no transcript exists. Campbell Conroy & O'Neil, attacked by Conti in 2021, sits in the same bucket. The absence of detail is the data: firms in this mode tend not to comment, which is consistent with either quiet payment or quiet absorption.

The cost: regulatory notifications, client notifications, potential class-action exposure, and reputational impact. The benefit: no ransom paid. Whether the trade-off makes sense depends entirely on how much of the data was actually sensitive.

Mode 3: Walk away after publication starts

This is what the unnamed US law firm in the Pear/20250720 chat did. The negotiation began with the firm trying to remove its name from the operator's website ("Hello. I'm to negotiate on Case # GL57552. We finally made it here, please remove our name from your website so we can work this out"). The operator refused to remove the listing until payment was made. Over the next ten days, the operator escalated: sample files released, then larger samples, then explicit threats to email screenshots of the chat to specific clients. The firm reduced its offers, the operator reduced its demand to a $270,000 floor, and then, on the last day of the published timeline, the firm walked: "Since you chose to post our name and files on your website, we have no choice but to part ways effective immediately. It's unfortunate we couldn't reach a resolution, but sometimes things end this way. We're moving on and hope you do the same. This will be our final message. Goodbye."

The firm's calculation, visible in the transcript, was that paying $270k after the operator had already published the name and sample files would not undo the disclosure that had already taken place. The data was already out. The cost of paying would be additive, not subtractive. The firm chose to absorb what it could no longer prevent.

The cost: full publication, full client-notification obligation, full malpractice exposure. The benefit: no payment to an operator who had already broken the implicit deal.

Mode 4: Refuse and litigate

This is what HWLE did. The firm refused to negotiate from the outset, and when the operators published 1.4 TB of HWLE data on 9 June 2023, the firm responded by filing proceedings in the NSW Supreme Court Equity Division against "persons unknown." On 12 June, Hammerschlag CJ in Eq granted an interlocutory injunction. HWLE served the orders on the operators via their email address and dark web forum. On 17 June, the operators replied with three words: "fuck you faggot."

The judgment notes what happened next. By 27 June 2023, the original sample cache could no longer be found at the dark web forum where it had previously been identified. The injunction did move something. Whether the operators removed it, or platform operators removed it on receipt of the order, is not in the record. But the cache moved.

The proceedings continued through 2023 into early 2024. On 12 February 2024, Slattery J entered default judgment and made the injunction permanent. The orders bind not just the operators but anyone in possession of the dataset. HWLE can now require any platform that surfaces the data to remove it, citing the Australian court order.

The cost: legal fees, the public disclosure of the firm's name as a ransomware victim (which had already happened anyway), and ongoing enforcement work as portions of the data resurface. The benefit: a legal tool that no other response mode produces. The injunction is not a guarantee, but it gives the firm a takedown hook against third-party platforms that none of the other three modes generate.

HWLE's approach was, per the firm's own commentary, unprecedented in Australia. It is now a documented precedent. Other Australian firms in the same position can cite it. Firms in other common-law jurisdictions can adapt the structure: breach of confidence in equity, against persons unknown, with a discovery-style service mechanism.

The MELFS2 architecture point

The HWLE judgment included one technical detail that did not get much attention in the press coverage but is worth surfacing for any firm reading this. Slattery J enumerated the structure of the server from which the data was exfiltrated. The MELFS2 server in HWLE's Melbourne office contained four drives:

  • Precedents Drive: precedent libraries and client reporting, primarily used by Finance, HR, and IT staff
  • Groups Drive: short-term storage of large or bulk files for specific matters, plus printer scans
  • Home Drive: individual desktop, download, and document folders for all employees, including personal matters mixed with client and firm-specific data
  • Long Term Drive: large or bulk per-matter storage for long-term retention

The Home Drive detail is the one to note. The court found, on the evidence, that personal employee data sat on the same server as client matter files. This is the storage architecture of almost every mid-to-large law firm we have seen. Employees use the Home Drive as a working space; matter files end up there during preparation; firm-policy documents, partnership records, and personal employee data accumulate alongside. When exfiltration happens, the operator gets the lot.

The blurred-surface problem matters for negotiation because operators can and do cite specific files by name. The Pear operator naming client matter folders is not unusual; it's what an operator does when the data is sufficiently mixed for them to identify it. A firm that stores client data on partitioned, access-controlled systems gives the operator less surface to point at. The mid-incident value of architectural discipline is that it narrows the operator's range of pressure points. The pre-incident value is everything else.
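As an added illustration (not the page's own code, and nothing from HWLE or the court), a pre-incident inventory audit in the spirit of the MELFS2 enumeration: it walks a constructed file listing laid out along the four drive names above, flags drives where client-matter and personal-employee data sit together, and lists the client names an exfiltrator could cite from each drive. The path conventions, group names and files are assumptions.

```python
"""Pre-incident storage inventory audit (added example, not HWLE's or the court's tooling).

Assumptions (all constructed for illustration): paths are laid out as <DRIVE>/<...>,
client matters live in folders named 'Matter-<client>-<number>', and personal
employee material lives under a '/personal/' folder inside a user's Home Drive area.
"""
import re
from collections import defaultdict

# Constructed inventory: (path, groups with read access). The drive labels follow the
# four MELFS2 drives enumerated in the judgment; every file and group name is made up.
INVENTORY = [
    ("Precedents/Leases/template-commercial-lease.docx", {"Finance", "HR", "IT"}),
    ("Groups/Matter-Acme-1042/scan-00031.pdf", {"Litigation"}),
    ("Home/jsmith/Downloads/Matter-Acme-1042/draft-affidavit.docx", {"AllStaff"}),
    ("Home/jsmith/Documents/personal/mortgage-application.pdf", {"AllStaff"}),
    ("Home/akhan/Desktop/Matter-Bolt-2210/settlement-deed.docx", {"AllStaff"}),
    ("LongTerm/Matter-Bolt-2210/closing-binder.pdf", {"Litigation", "Archive"}),
    ("Home/akhan/Documents/partnership-agreement-2023.pdf", {"AllStaff"}),
]

MATTER_RE = re.compile(r"Matter-(?P<client>[A-Za-z]+)-(?P<num>\d+)")


def classify(path):
    """Return (drive, data_class, client) for one inventory path."""
    drive, _, rest = path.partition("/")
    m = MATTER_RE.search(rest)
    if m:
        return drive, "client-matter", m.group("client")
    if drive == "Home" and "/personal/" in rest:
        return drive, "personal-employee", None
    return drive, "firm-internal", None


def audit(inventory):
    """Summarise commingling per drive and the client names an exfiltrator could cite."""
    classes = defaultdict(set)   # drive -> data classes present
    clients = defaultdict(set)   # drive -> client names visible in folder names
    broad = []                   # matter files readable by a firm-wide group
    for path, groups in inventory:
        drive, cls, client = classify(path)
        classes[drive].add(cls)
        if client:
            clients[drive].add(client)
            if "AllStaff" in groups:
                broad.append(path)
    commingled = sorted(d for d, c in classes.items()
                        if "client-matter" in c and "personal-employee" in c)
    return {
        "commingled_drives": commingled,
        "clients_by_drive": {d: sorted(c) for d, c in clients.items()},
        "broadly_readable_matter_files": broad,
    }


if __name__ == "__main__":
    for key, value in audit(INVENTORY).items():
        print(f"{key}: {value}")
```

The Home Drive is the only drive the constructed listing flags as commingled, which is the same finding the judgment records for MELFS2.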

Why this is not kidnap-and-ransom

Ransomware negotiation is often described as the digital descendant of kidnap-and-ransom (K&R) negotiation. The comparison is structural and useful, but it has a limit worth noting.

K&R as a profession is roughly 50 years old. It has established practitioners, established insurance products, and established expectations about how the negotiation runs: discreet, financially-bounded, focused on the safe return of the subject. Ransomware negotiation is roughly 5 years old in its current form. It inherits some K&R conventions (intermediaries who don't show their face, structured price-discovery curves, deletion-proof requirements) but it differs in one important way.

In K&R, the asset (the subject) cannot be duplicated. Once returned, the negotiation ends. In ransomware, the data has already been copied. The "deletion log" the operator provides as proof of destruction is a courtesy at best; the data may be deleted, may be retained, may have been sold to a second buyer, may resurface in three months when the operator runs out of money. The transaction does not have closure in the K&R sense.

HWLE's response acknowledges this. The injunction is not about getting the data back; it is about creating a legal tool to address future surfacing. The Akira family-firm response also acknowledges this implicitly: the firm asked, before paying, "what assurances and guarantees can you give me that our data, files, file names or company name has not already been sold or leaked". The assurance the operator gave ("You will not find a single case where we have broken an agreement or failed to fulfill any of the clauses") is, strictly, unverifiable. The firm paid anyway, because the alternative was worse. That is the K&R inheritance: pay because the alternative is worse. That is also the K&R limit: with copied data, "worse" never fully resolves.

What principals should ask their counsel

For senior partners and managing partners reading this, three questions are worth raising with counsel before a ransomware incident becomes an active one.

First, what is in the firm's engagement letter about breach notification timing? Our earlier piece on law-firm data breaches covered this in detail; the short version is that the cost of paying quietly depends on whether the firm's engagement letter requires client notification regardless of payment. If it does, Mode 1 (pay quietly) does not actually achieve what it appears to achieve.

Second, what is the firm's actual storage architecture? The MELFS2 example is illustrative because it shows what was on a single Melbourne server: personal employee data and client matter files in the same partition. Most firms have not enumerated their own storage in court-quality detail. The act of doing it pre-incident, alongside whatever cyber-readiness work the firm is otherwise doing, is itself useful.

Third, what is the firm's posture on litigation as a response option? HWLE's approach required the firm to be willing to file proceedings, serve unknown defendants, accept the public-record cost of a default judgment, and follow through over months of enforcement work. That is not a default posture for most firms. It is now a documented option for firms that want it.

None of these three questions has a service we can sell against directly. They are questions the firm has to answer for itself, before the operator's first message lands. The answers shape every subsequent decision.

Sources

Court records

  • HWL Ebsworth Lawyers v Persons Unknown [2024] NSWSC 71, Slattery J, NSW Supreme Court Equity Division, 12 February 2024.

Operator transcripts

  • Akira / family law firm (20240329), 65 messages. ransomch.at, Casualtek/Ransomchats corpus.
  • Pear / US law firm (20250720), 42 messages. ransomch.at.
  • mount-locker / Indian healthcare (20201016), 60 messages. ransomch.at.

Operator-side leak data

  • ContiLeaks (February 2022), Jabber 2021-2022 archive. BSCR negotiation arc, November 26 – December 4 2021. Operator-anxiety thread, November 11 2021. conti-leaks-englished.
  • ContiLeaks operational manuals: Hacker's Quick Start, Technical Manager's Guide, Safety Rules, Task Accounting. Same archive.

Industry commentary

  • Aon, Ransomware: REvil & the Increased Targeting of Law Firms, September 2020.

Background coverage

  • LA Times (May 2020) on the Grubman Shire Meiselas & Sacks REvil incident (cited in Aon September 2020 piece).
  • Emsisoft (July 2020), The chance of data being stolen in a ransomware attack is greater than one in ten.
