When ransomware gets physical: cybercriminals turn to threats of violence

INDUSTRY NEWS 2 min read When ransomware gets physical: cybercriminals turn to threats of violence Graham CLULEY May 14, 2026 Promo Protect all your devices, without slowing them down. Free 30-day trial For years, ransomware has been a crime committed at arm's length. Hackers in one country, victims in another. The only weapon is the hackers' threat to release stolen data, or leave your systems permanently encrypted. But that's changing. As a BBC News report describes, a growing number of online extortionists are no longer content with locking up your files and threatening to leak your data. Instead, they are making threats to hurt their victims. Or their families. Or staff who refuse to pay up. A study last year by identity security firm Semperis found that 40% of ransomware attacks saw criminals threatening physical violence against employees who refused to pay. In the United States that figure rose to 46%. A spokesperson for Semperis, which helps organisations negotiate with ransomware attackers, told BBC News that one gang had left a threatening note on his own doorstep while he was working an incident for a US government agency. In another case, Zac Warren of security firm Tanium described how a ransomware-hit hospital had received phone calls, where callers asked for nurses by name, and then recited their home addresses and social security numbers down the line. The theory is that hackers themselves are unlikely want to get their own hands dirty in such intimidatory tactics, but instead post on message boards, offer cash, and recruit somebody local to do it for them. I guess you can call it violence-as-a-service. And the FBI has been taking note. Last summer it issued an alert about the loose-affiliated cybercriminal network known as "The Com", which is said to have sometimes resorted to violent tactics such as throwing bricks through windows, arson, kidnapping, and even shootings. Some of the most disturbing instances of cybercrime spilling out into physical violence can be found where cryptocurrency and organised crime intertwine. Last May, French police rescued the father of a cryptocurrency millionaire who had been kidnapped and held for ransom in a Paris suburb. According to reports the victim had one of his fingers cut off. More than 18 similar attacks against holders of large sums of cryptocurrency holders were reported across Europe last year. With physical threats seemingly becoming more common than ever before, it's clearly important for defenders to learn some lessons. Firstly, the personal information held by a company about its staff - such as home addresses and family details - must be considered critically important to protect. If hackers break into your network you are not just facing the threat of customer records and intellectual property being stolen, but also the material which could be used for intimidation. Secondly, incident response plans must be looked at again. It is one thing to have a plan for restoring your company from backups, but it is quite another to have a plan for what to do when a member of staff takes a phone call from a stranger who knows their home address. TAGS industry news AUTHOR Graham CLULEY Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s. View all posts RIGHT NOW TOP POSTS SCAM HOW TO Scammer phone number lookup. How to check if a phone number is a scam April 19, 2024 SCAM DIGITAL PRIVACY HOW TO How scammers gain access and hack your WhatsApp account and what you can do to protect yourself May 01, 2024 INDUSTRY NEWS MOBILE SECURITY Apple Sends Urgent Security Alert to iPhone Lock Screens — Here’s Why You Shouldn’t Ignore It March 30, 2026 INDUSTRY NEWS DATA BREACH Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data April 14, 2026 FOLLOW US ON SOCIAL MEDIA YOU MIGHT ALSO LIKE INDUSTRY NEWS SCAM Football ticket scams are rising fast, Lloyds Bank warns Alina BÎZGĂ May 14, 2026 3 min read INDUSTRY NEWS When ransomware gets physical: cybercriminals turn to threats of violence Graham CLULEY May 14, 2026 2 min read INDUSTRY NEWS MOBILE SECURITY iPhone-to-Android Texts Are Finally Encrypted – Here’s What That Means for You Filip TRUȚĂ May 13, 2026 4 min read BOOKMARKS You have no bookmarks yet. Tap to read it later.