Cybercriminal groups are increasingly threatening physical violence against employees and executives during ransomware attacks, according to cybersecurity firms and law enforcement agencies, as hackers expand extortion tactics beyond digital disruption and financial demands.
The shift comes as cyber-attacks continue reaching record levels globally.
According to new figures from the Federal Bureau of Investigation, reported cybercrime incidents in the United States rose from 288,012 cases in 2015 to more than 1 million cases last year.
The FBI said financial losses linked to cybercrime in the U.S. reached $20.8 billion in 2025, increasing from $16.6 billion in 2024.
The United Kingdom also recorded record levels of cyber-attacks last year.
While ransomware attacks traditionally focused on stealing data or locking victims out of computer systems until payments were made, security researchers say attackers are now increasingly targeting individuals directly.
Security Negotiator Received Threatening Package
Tim Beasley said he personally experienced the escalation while handling ransomware negotiations on behalf of a U.S. government organization.
Beasley, who works for cybersecurity company Semperis, said a small package was delivered to his home containing a threatening message warning him to stop interfering in negotiations.
“I was like ‘what the heck is this?’” Beasley said.
The package allegedly came from the ransomware group involved in the attack.
Semperis research found that physical threats were made in approximately 40% of ransomware attacks globally during 2025.
In the United States, the figure rose to 46%, according to the company.
“It’s always been here in the background, but it’s becoming more of a reality, slowly inching its way up,” Beasley said.
FBI data also showed the number of cyber incidents involving physical threats more than doubled last year.
Hackers Increasingly Use Personal Information To Intimidate Victims
Zac Warren described one ransomware case involving a hospital where attackers contacted staff members directly after obtaining personal data.
According to Warren, the attackers called nurses by name and provided their home addresses and Social Security numbers during phone conversations.
“They gave them street addresses, they gave them social security numbers,” Warren said.
“There’s a really strong level of intimidation of the clinicians that was taking place,” he added.
Warren works for cybersecurity firm Tanium.
Researchers also warned that attackers increasingly demonstrate control over industrial systems during attacks.
In some cases, hackers have remotely activated manufacturing robots or conveyor belts to show they can interfere with physical equipment, potentially creating safety risks for workers.
Violence-As-A-Service Networks Expanding
Security experts say many financially motivated cybercriminal groups are made up of younger attackers, often between the ages of 17 and 25.
Some groups reportedly hire third parties to carry out intimidation campaigns or physical attacks.
Beasley said attackers sometimes recruit people through online forums or social media.
“They themselves, in a lot of cases, don’t want to get their own hands dirty,” he said.
Cybersecurity researchers and law enforcement agencies have increasingly described these operations as “violence-as-a-service.”
Last summer, the FBI issued an alert warning about an online criminal network known as “In Real Life Com,” which investigators said offered physical attacks for hire.
Adam Meyers said such services can include vandalism, arson, shootings, or kidnappings.
“If you are looking for something bad to happen to somebody you can find somebody that’s willing to take that action for you,” Meyers said.
Meyers works for cybersecurity company CrowdStrike.
Cryptocurrency Sector Sees Increase In Physical Attacks
Researchers said some of the most severe incidents have occurred in the cryptocurrency industry.
In May last year, French police rescued the father of a cryptocurrency millionaire who had reportedly been kidnapped in a Paris suburb.
Media reports stated the victim had one finger cut off during the incident.
A separate report identified more than 18 cryptocurrency-related physical attacks across Europe and the United Kingdom last year.
Europol investigates such cases as part of broader efforts targeting organized violence-for-hire operations.
Meyers said cryptocurrency investors sometimes unintentionally attract attention through social media activity discussing financial gains.
“They’re online talking about trading cryptocurrency and how much money they’ve made,” he said.
Beasley warned that physical threats linked to cybercrime may continue increasing because ransom payments remain common.
“They don’t want their kids getting kidnapped,” he said.
Featured image credits: ADITS
For more stories like it, click the +Follow button at the top of this page to follow us.
