Inside a Firm Specializing in Cyber Crisis and Ransom Negotiation

When a call comes into the cybersecurity firm S-RM, headquartered in London, a hacked business or institution may have just minutes to protect itself, writes Anna Isaac of The Guardian. The company has built a reputation as an urgent-response and ransom negotiation specialist.

S-RM operates largely through referrals and discretion, and has handled complex intrusions, including a major retail attack attributed to the Scattered Spider group. Its model prioritizes immediate containment, rapid coordination, and minimizing operational fallout before attackers can escalate harm.

The firm’s workforce includes multilingual specialists with limited public profiles, reflecting backgrounds in intelligence or sensitive corporate roles. It claims to operate the UK’s largest cyber-incident response team, with roughly 150 experts available globally.

Engagements come through retainers, insurer referrals, or emergency outreach by victims. In one case, a brief initial call evolved into a continuous round-the-clock response, illustrating how quickly incidents can intensify without early intervention.

According to the firm’s leadership, the earliest reconnaissance phase often determines outcomes. Attackers typically assess value before stealing data or deploying ransomware, creating a narrow window for defenders to restrict access and prevent exfiltration or encryption. The firm also provides extortion support, participating in ransom negotiations when required, while encouraging non-payment where feasible.

Clients receive intelligence on criminal group behavior, reliability, and sanctions considerations, though enforcement against state-linked actors remains difficult.

Businesses ultimately decide whether to pay by weighing operational survival against ethical and legal risk. As refusal becomes more common, restoration and recovery services increasingly dominate response priorities, with forensic attribution sometimes secondary.

Government involvement has also evolved. In England, the National Cyber Security Centre now warns potential targets and facilitates information sharing.

Lawyers should note that preparedness is key to negotiating the kind of crisis the company is hired to deal with. Without foolproof backup, the legal and regulatory consequences of capitulation to ransom crooks become inevitable.