‘Even if there’s no intent on paying a ransom, there’s a tremendous amount of value in engaging the cyber criminals,’ a ransomware negotiator said.
Mark Lance’s phone rings when a company’s data is being held hostage. Often, the perpetrators are demanding a ransom to return sensitive information.
“The largest demand for one of our victims was $70 million,” said Lance, a ransomware negotiator with Virginia-based Guidepoint Security.
Failure to pay is under the threat that the company’s information will be made public.
“The earlier we get engaged, the better,” Lance told The Epoch Times.
“In most circumstances … a client has already recognized that they’ve been a victim—they’ve been informed via ransom notes,” he said.
“We help people recognize that even if there’s no intent on paying a ransom, there’s a tremendous amount of value in engaging the cyber criminals, because … you can still do things like delay the inevitable release of their information, which will allow for more time for the forensics and incident response work stream to make sure that they are patched.”
Cyber attacks, usually involving ransomware, are being perpetrated against corporations and state-owned agencies in the United States every day.
In the first half of 2025, a Comparitech report shows 208 ransomware attacks on government agencies globally, a 65 percent increase from the same period of 2024.
Ransomware is a type of malicious software—or malware—that prevents a user from accessing his or her computer files, systems, or networks and demands that he or she pay a ransom for their return, according to the FBI.
The average cost to the victim of a ransomware attack has risen from $761,106 in 2019 to an estimated $5.13 million in 2025, according toPurpleSec, a U.S.-based cybersecurity company.
That includes the ransom payment itself, the recovery costs, and various indirect costs such as reputational damage.
Lance, who has worked in cybersecurity for 25 years, said when he is called in at the early stage of an attack, the victim is usually still performing a business impact analysis.
“They’re not necessarily sure what has fully transpired or has occurred within their environment, to know what they potentially need to do as next steps,” he said.
