Threatening Package Delivered to Security Expert
A few years ago, Tim Beasley opened his front door to find a small package left on his doorstep.
"I was like 'what the heck is this?'. I opened the box, and went 'oh!', and I immediately threw it away."
Inside the package was a threatening note implying physical violence if he did not back off.
Beasley is employed by the US security firm Semperis and was at the time involved in ransom negotiations on behalf of a US government organisation that had suffered a cyber-attack.
The package sent to his home in the US served as a warning from the ransomware group with whom he had been negotiating.
Surge in Cyber-Attacks and Financial Losses
Cyber-attacks continue to rise globally. In the US alone, reported incidents increased from 288,012 in 2015 to a record 1,008,597 last year, according to new FBI data.
The FBI reported that financial losses for US companies and organisations reached $20.8 billion (£15.4 billion) in 2025, up from $16.6 billion in 2024.
Similarly, the UK experienced record-high cyber-attack numbers last year.
Evolution of Threats: From Data Theft to Physical Violence
Typically, hackers infiltrate company systems to steal sensitive data or lock businesses out, demanding ransom payments for data return or system restoration.
However, an increasing number of cyber attackers are escalating their extortion tactics by threatening physical violence. FBI annual data shows that physical threats more than doubled last year in the US.
Research by Semperis revealed that in 40% of global ransomware attacks in 2025, criminals threatened to physically harm staff who refused to pay ransom demands.
This trend is even more pronounced in the US, where companies reported physical threats in 46% of cases.
"It's always been here in the background, but it's becoming more of a reality, slowly inching its way up,"
Beasley commented.
Use of Personal Data to Intimidate Staff
Hackers have been threatening employees after accessing their personal information, including home addresses. Zac Warren from US security firm Tanium described such an incident during a hospital ransom negotiation.
"We started getting reports that employees within the hospital were getting phone calls,"
said Warren, chief security advisor for Europe and the Middle East.
"So they were calling into the hospital… and asking for nurses by their name, and then talking to them and telling them that they knew where they lived.
"They gave them street addresses, they gave them social security numbers, they did all of these things to make people really feel like they were being watched. They had all this information, so there's a really strong level of intimidation of the clinicians that was taking place."
Indirect Threats via Control of Machinery
Sometimes, threats of physical harm are less direct but equally dangerous. Attackers have taken control of manufacturing machinery, demonstrating their power by turning devices such as robots and conveyor belts on and off, actions that could cause injuries or fatalities.
Origins and Profiles of Threatening Ransomware Groups
Many ransomware gangs are state-sponsored, with threats originating from countries including Russia, China, Iran, and occasionally North Korea.
However, most physical threats come from financially motivated groups, often composed of young individuals. The FBI profiled one such group with members mostly aged between 17 and 25.
In numerous cases, these cyber-criminals hire others to issue threats or carry out violence.
"They themselves [the hackers], in a lot of cases don't want to get their own hands dirty,"
Beasley explained.
"So instead they will post on message boards or social media to 'do some recruiting, offer some cash and then people get hit or they get stalked'."
Severe Physical Attacks in Cryptocurrency Sector
Some of the most serious threats and actual physical attacks occur within the cryptocurrency investment world. In May, French police rescued the father of a cryptocurrency millionaire who had been kidnapped and held for ransom in a Paris suburb.
Media reports indicated the victim had one of his fingers severed.
Last year, Europe, including the UK, recorded over 18 such cases. A report described a "dramatic increase" in cybercrime involving physical attacks.
Europol, the European Union's law enforcement agency, investigates these crimes as part of broader efforts to apprehend perpetrators of "violence as a service," where individuals carry out attacks for payment.
US FBI Alert on Increasing Violence-as-a-Service
In the US, the FBI issued a warning last summer about rising violence risks from an online-linked criminal network known as "In Real Life Com."
The FBI noted these criminals are becoming more aggressive and willing to provide violence-as-a-service.
"If you are looking for something bad to happen to somebody you can find somebody that's willing to take that action for you within 'The Com',"
said Adam Meyers, senior vice president for counter adversary operations at cybersecurity software firm Crowdstrike.
"That could be throwing bricks through a window, it could be setting something on fire, it could be a shooting or it could be a kidnapping. Lower technically-sophisticated people will probably gravitate more towards violence-as-a-service because violence is often the only thing they have that they can bring to the party."
Meyers added that cryptocurrency victims often attract attention by sharing details on social media.
"Cryptocurrency people tend to have discussions about it in a way that you don't find with people who maybe have gold,"
he said.
"They're online talking about trading cryptocurrency and how much money they've made, trying to get followers and get attention. As you do that, you're drawing attention to yourself."
Outlook on Threats of Violence in Cybercrime
Beasley predicts that threats of violence linked to cybercrime will likely continue to increase because victims keep paying ransoms.
"They don't want their kids getting kidnapped."
He added:
"It does make you want to look behind your back."
