A few years ago, Tim Beasley opened his front door to discover a small package left on the step.
“I was like ‘what the heck is this?’. I opened the box, and went ‘oh!’, and I immediately threw it away.”
Inside the box was a threatening note, alluding to physical violence if he didn’t back off.
Beasley works for a US security firm called Semperis, and at the time, he was involved in ransom negotiations on behalf of a US government organization that had been hit by a cyber-attack.
The package delivered to his home in the US was a warning from the ransomware group he had been having to talk to.
How crypto criminals stole $700 million from people – often using age-old tricks
Cyberattacks continue to soar worldwide. In the US alone, the number of reported instances has increased from 288,012 in 2015 to 1,008,597 last year, a record high, according to new figures from the FBI.
It said that the resulting financial loss for US companies and other organizations totalled $20.8 bn (£15.4bn) in 2025. That was up from $16.6bn in 2024.
Meanwhile, cyber-attacks in the UK also hit new highs last year.
Usually, in such instances, hackers try to infiltrate a company’s computer system to steal sensitive data or take control and lock the business out.
The cybercriminals then demand money for the return of the data or for the system to be handed back to the firm in question.
But an increasing number of cyber attackers are now going further in their efforts to extort their victims, and are threatening actual violence. The number of such physical threats rose by more than twofold in the US last year, FBI annual data show.
Separate research from Semperis found that in as many as 40% of global ransomware attacks in 2025, criminals threatened to physically harm staff members who refused to pay a ransom demand.
The phenomenon was said to be even more widespread in the US, where companies experienced physical threats 46% of the time.
“It’s always been here in the background, but it’s becoming more of a reality, slowly inching its way up,” says Beasley.
Tim Beasley had a threatening note left on his doorstep
Hackers are threatening staff after accessing their personal data, including their home addresses. That was the case with one hospital ransom negotiation that Zac Warren from the US security firm Tanium worked on.
“We started getting reports that employees within the hospital were getting phone calls,” says the chief security advisor for Europe and the Middle East.
“So they were calling into the hospital… and asking for nurses by their name, and then talking to them and telling them that they knew where they lived.
“They gave them street addresses, they gave them social security numbers, they did all of these things to make people really feel like they were being watched. They had all this information, so there’s a really strong level of intimidation of the clinicians that was taking place.”
Sometimes, the threat of physical harm is less direct – but no less potentially lethal. In some cases, for example, attackers have been able to take control of manufacturing machinery and demonstrate their control by turning devices such as robots and conveyor belts on and off – actions that could easily lead to injuries or even death.
Many ransomware gangs are state-sponsored, and threats of violence have been seen coming from Russia, China, Iran, and, in some cases, North Korea.
However, most physical threats tend to come from purely financially motivated groups. These hackers are often very young. The FBI’s profile of one such group indicated an age range of mostly between 17 and 25.
In many cases, such cyber-criminals are said to pay others to threaten violence, or actually carry it out.
“They themselves [the hackers], in a lot of cases, don’t want to get their own hands dirty,” says Beasley. So instead they will post on message boards or social media to “do some recruiting, offer some cash, and then people get hit, or they get stalked”.
Some of the most severe threats of violence – and actual physical attacks – are to be found in the murky world of cryptocurrency investment. Last May, for example, French police rescued the father of a cryptocurrency millionaire who had been kidnapped and held for ransom in a Paris suburb.
According to media reports, the victim had one of his fingers cut off.
Police in Paris had to rescue a man who had been kidnapped earlier this year
Last year in Europe, including the UK, there were more than 18 such cases, according to one report. The study said there had been a “dramatic increase” in cybercrime involving physical attacks.
