The ransomware threat landscape has taken a dramatic and worrying turn. A ransomware-as-a-service (RaaS) group known as Global Group has started using AI-powered chatbots to handle ransom negotiations—a move that could fundamentally change the way cybercriminals operate.
These chatbots are far more than simple communication tools. They can negotiate directly with victims across multiple languages and time zones, applying psychological pressure through tactics such as countdown timers and even fake decryption samples. By removing the need for constant human oversight, attackers can manage far more victims at once, scaling their operations with unprecedented efficiency.
This marks a significant shift: AI is no longer just a background tool for cybercriminals—it’s now front and centre in executing the most critical stage of a ransomware attack.
AI changes the rules of the game
The introduction of AI-driven chatbots into ransomware negotiations gives hackers several advantages. First, it allows them to scale attacks rapidly. Where negotiations previously required time and human input, AI now enables one attacker to handle multiple victims at the same time, across different regions and languages, with little to no delay.
Second, these chatbots are programmed to manipulate. They can create a sense of urgency by deploying countdown clocks or sending fake decryption files to build trust, pushing victims towards hurried and often ill-informed decisions.
Finally, automation removes negotiation delays. Programmed, real-time responses make it harder for security teams or law enforcement to intervene, giving attackers the upper hand throughout the process.
The result? Faster, more frequent, and more effective ransomware campaigns.
Ransomware numbers continue to rise
This technological leap comes against a backdrop of rapidly increasing ransomware activity. Our own threat intelligence team has recorded a 324% surge in reported ransomware attacks since 2020, and with AI now making negotiations quicker and more scalable, we can only expect this upward trend to continue.
The impact on cyber insurance
For the cyber insurance industry, this development presents a growing challenge. Faster, more coercive attacks could lead to a rise in both the frequency and severity of claims as more victims feel pressured to pay.
Insurers may need to adapt quickly. Underwriting processes are likely to become stricter, with greater emphasis on security controls, employee training, and incident response planning before cover is offered. Policy wordings may also need to evolve to account for AI-driven threats, clarifying how coverage applies when attacks are automated, cross-border, and highly coordinated.
At the same time, demand for cyber insurance and for the risk prevention tools that often come bundled with policies is likely to rise sharply. Businesses will increasingly look for providers who can offer not just financial protection but proactive risk management support, real-time threat intelligence, and guidance on strengthening their defences.
A new era of cyber risk
The use of AI in ransomware negotiations highlights how quickly the threat landscape is evolving. For insurers, brokers, and policyholders, this is a wake-up call: cyber risk is becoming faster, more complex, and more manipulative.
The future of cyber insurance will depend on the industry’s ability to adapt by innovating products, strengthening risk prevention measures, and staying ahead of emerging attack methods. As AI reshapes the world of cybercrime, proactive risk management and early detection will become essential tools in protecting both businesses and insurers from the growing wave of ransomware threats.
Find out more about how we support insurers, reinsurers and MGAs in protecting their policyholders.