Cybercriminals are increasingly augmenting their digital extortion tactics with explicit threats of physical violence, a disturbing trend that is escalating globally. This evolution in criminal methodology moves beyond the traditional realm of data breaches and ransomware demands, introducing a tangible element of fear and personal danger to victims. The shift is marked by a significant rise in instances where attackers directly threaten the physical safety of individuals, their families, or their employees if ransom demands are not met.
In the United States, the Federal Bureau of Investigation (FBI) has reported a substantial increase in cyber-attack incidents. In 2015, the FBI recorded 288,012 reported instances of cybercrime. By the following year, this figure had risen to 1,008,597, marking a record high. The financial repercussions of these attacks are also mounting, with losses for US companies and organizations totaling $20.8 billion in 2025, an increase from $16.6 billion in 2024. Similarly, the United Kingdom has also experienced new highs in cyber-attack occurrences over the past year.
Traditionally, cyber-attacks involved infiltrating computer systems to steal sensitive data or to lock out businesses, with criminals then demanding payment for data recovery or system access. However, a growing number of cyber attackers are now extending their reach by threatening actual physical harm. FBI data indicates that the number of such physical threats more than doubled in the US last year. This escalation suggests a more aggressive and personal approach by cybercriminals seeking to maximize their leverage and ensure payment.
Research conducted by Semperis, a security firm, revealed that in approximately 40% of global ransomware attacks in 2025, criminals issued threats of physical harm against staff members who refused to comply with ransom demands. This phenomenon appears to be even more prevalent in the United States, where companies reported facing physical threats in 46% of ransomware incidents. Tim Beasley, who works for Semperis, noted that while such threats have always existed in the background, they are now becoming a more pronounced and increasing reality.
The personal data accessed by hackers, including home addresses, is being weaponized to intimidate victims. Zac Warren, Chief Security Advisor for Europe and the Middle East at Tanium, a US security firm, described a case involving a hospital. Employees began receiving phone calls from attackers who knew their names and personal details, including where they lived. "They gave them street addresses, they gave them social security numbers, they did all of these things to make people really feel like they were being watched," Warren stated, highlighting the intense intimidation faced by hospital clinicians.
In some instances, the threat of physical harm is less direct but potentially equally dangerous. Attackers have demonstrated their control over critical infrastructure by manipulating manufacturing machinery, such as robots and conveyor belts. These actions, while not directly targeting individuals, could easily lead to severe injuries or fatalities, underscoring the broader risks associated with compromised industrial control systems.
While many ransomware gangs are state-sponsored, with threats of violence reportedly originating from countries like Russia, China, Iran, and North Korea, most physical threats appear to stem from purely financially-motivated groups. These financially driven hackers are often young, with FBI profiles indicating age ranges between 17 and 25. It is common for these cybercriminals to outsource the threats or the actual execution of violence to third parties.
"They themselves [the hackers], in a lot of cases don't want to get their own hands dirty," explained Beasley. Instead, they recruit individuals through online message boards and social media platforms, offering payment for carrying out threats or physical actions like stalking or assault. This division of labor allows the core hacking groups to maintain a degree of separation while still leveraging the fear of physical reprisal.
The most severe threats and actual physical attacks are frequently observed in the volatile realm of cryptocurrency investment. In May of the previous year, French police rescued the father of a cryptocurrency millionaire who had been kidnapped and held for ransom in a Paris suburb. Reports indicated that the victim had a finger severed as part of the ordeal. According to one study, Europe, including the UK, recorded over 18 such cases last year, signaling a "dramatic increase" in cybercrime involving physical violence.
Europol, the European Union's law enforcement agency, investigates such crimes as part of its broader efforts against "violence as a service." This involves individuals offering to carry out violent acts for a fee. In the US, the FBI issued an alert last summer concerning the escalating risks posed by a network of online-linked criminals known as "In Real Life Com." These criminals are reportedly becoming more aggressive and readily offer violence-as-a-service.
Adam Meyers, Senior VP for Counter Adversary Operations at CrowdStrike, described "The Com" as a platform where individuals can arrange for harmful actions against others. "That could be throwing bricks through a window, it could be setting something on fire, it could be a shooting or it could be a kidnapping," Meyers said. He added that individuals with lower technical sophistication may be drawn to violence-as-a-service because it is the primary skill they can offer.
Meyers also noted that victims in cryptocurrency cases often attract attention by being overly public about their wealth and activities on social media. Unlike traditional investors, cryptocurrency enthusiasts frequently discuss their trading and profits online, seeking followers and attention. This public display of success can inadvertently make them targets for criminals who monitor such activities. "As you do that, you're drawing attention to yourself," Meyers cautioned.
Beasley predicts that threats of violence linked to cybercrime will continue to rise, largely because victims continue to pay ransoms, often out of fear for their families' safety. "They don't want their kids getting kidnapped," he stated, adding that the pervasive nature of these threats creates a constant sense of unease. "It does make you want to look behind your back."
