Corporate America is under digital siege — but the crooks aren’t cashing in like they used to, according to a new report.
Ransomware attacks are hammering companies worldwide, sparking booming demand for a new kind of fixer: cyber ransom negotiators who haggle with hackers and stall for time, the Financial Times reported. But fewer businesses are actually coughing up the cash.
As cyberattacks pile up, firms are scrambling to hire tech-savvy dealmakers who can outmaneuver online extortionists. These negotiators drag out talks and squeeze intel out of attackers — all while trying to reduce or avoid payouts entirely.
The strategies are reportedly working. Less than half of global companies hit by ransomware in 2025 ended up paying, down from 56% the year before, according to a report from cybersecurity company Sophos.
Less than half of global companies hit by ransomware in 2025 ended up paying, down from 56% the year before. Syda Productions – stock.adobe.com Talks with anonymous hackers are akin to a high-stakes chess match. Negotiators often pose as clueless IT staffers and slow-walk conversations. Talks can stretch from a few days to weeks, unfolding across shadowy corners of the web, encrypted emails and niche chat platforms, according to the FT.
The cyber crooks are often far from criminal masterminds. According to the report, many are shockingly young — sometimes teenagers — and known for crude language and erratic behavior that can make negotiations messy and unpredictable.
“I joke that in my mind’s eye these are neck-bearded basement dwellers. But the truth is … a lot are very young teenagers or maybe in their early twenties,” Don Wyper of cyber firm DigitalMint told the FT.
British retailers Marks and Spencer and Harrods were hit by hackers last year. Automaker Jaguar Land Rover reportedly lost about $344 million.
Hackers typically demand ransoms worth 1 to 2% of a company’s revenue — but that is often just the opening bid. Negotiators can drive it down while quietly tracking crypto wallets and digital fingerprints.
Cyber firm DigitalMint helps thwart hacker attacks. Linkedin/DigitalMint Many of these cyber middlemen are ex-cops or financial pros, bringing real-world negotiation chops into the digital battlefield.
For those who do pay, the money usually flows in cryptocurrency like Bitcoin, often funneled through specialized payment brokers. But even if a deal is struck, nothing is guaranteed and firms must weigh legal concerns, such as whether paying a ransom could violate sanctions or fund criminal networks.
“There is always the risk of them not adhering to the terms of the agreement and they are not bound by the same legal terms and potential for civil or regulatory penalties that a regular organization would be,” Mark Lance, of the cyber security adviser GuidePoint Security, told the FT.
