Physical Violence Threats Rise in Cyber Crime Cases

Hackers targeting companies with ransomware are increasingly supplementing technical attacks with threats of physical violence against employees. A security professional who works for a US firm called Semperis described opening his front door to find a package containing a threatening note alluding to violence if he did not stop negotiations on behalf of a government organisation hit by a cyber attack.

The number of reported cyber incidents in the US rose from 288,012 in 2015 to 1,008,597 last year, according to FBI figures. Financial losses reached $20.8 billion in 2025, up from $16.6 billion in 2024. Cyber attacks in the UK also reached new highs last year.

In traditional ransomware attacks, hackers infiltrate systems to steal data or lock out users before demanding payment. An increasing proportion of attackers are now adding direct threats of violence. FBI data shows such physical threats more than doubled in the US last year.

Separate research from Semperis found physical harm threats appeared in 40% of global ransomware attacks in 2025. The figure reached 46% for companies in the US. "It's always been here in the background, but it's becoming more of a reality, slowly inching its way up," one security professional said.

Attackers often obtain personal information including home addresses after breaching company systems. In one hospital ransomware case handled by staff from a US security firm called Tanium, employees received phone calls in which callers used their names, provided home addresses and social security numbers, and stated they knew where the staff lived.

In other incidents, attackers have taken remote control of industrial machinery such as robots and conveyor belts, switching them on and off to demonstrate capability. Such actions can lead to injuries or death in manufacturing environments. Many ransomware groups receive state support from countries including Russia, China, Iran and North Korea.

Most physical threats, however, come from financially motivated actors. The FBI profile of one such group showed members were mostly aged between 17 and 25. Hackers frequently recruit others to make threats or carry out violence. "They themselves in a lot of cases don't want to get their own hands dirty," one security professional said.

Recruiters post on message boards and social media offering payment for acts including stalking or assault. The most severe cases have appeared in cryptocurrency-related crimes. Last year in Europe, including the UK, more than 18 kidnappings linked to crypto investments were reported.

Europol tracks such activity under its "violence as a service" investigations, in which individuals are paid to carry out attacks. The FBI issued an alert last summer about a network known as "In Real Life Com" that offers violence services. One cybersecurity executive described the network as willing to undertake actions from property damage to shootings or kidnappings for payment.

Threats of violence linked to cyber crime are expected to continue rising because companies and individuals make payments to protect themselves and their families. Security firms report attackers use stolen personal data to make threats feel immediate and credible.

In some cases the goal is to pressure staff directly rather than only the organisation.

Violence as a Service Criminal networks have emerged that supply physical enforcement for online criminals. These services allow technically focused hackers to outsource violence. Law enforcement agencies in the US and Europe are investigating the trend as part of broader cyber crime efforts.