FBI and Semperis Data Reveal Alarming Surge: 46% of US Ransomware Attacks Now Include Direct Physical Threats Against Staff

The intersection of digital crime and physical danger has reached a critical threshold. According to research by the U.S. FBI and cybersecurity firm Semperis, 46% of ransomware attacks targeting American organizations in 2025 included explicit threats of violence against employees—a figure that underscores how cyber extortion has evolved beyond data encryption into direct intimidation of people. Globally, the rate stands at 40%, indicating this escalation is not an isolated phenomenon but a widespread trend reshaping the threat landscape.

The tactics employed by threat actors have grown increasingly sophisticated. Attackers harvest personal information about employees from compromised networks and use it to deliver targeted threats, ranging from warnings about harm to family members to explicit promises of physical violence. In cryptocurrency-related crime sectors, investigators have documented cases where criminals went beyond threats, arranging kidnappings and physical harm as leverage for payment. Some groups have reportedly hired local intermediaries to carry out physical intimidation or attacks, creating a parallel criminal economy outside traditional cybercrime operations.

Security analysts warn that physical threats fundamentally alter victim behavior. Organizations that might have refused to pay ransoms under data-encryption scenarios become far more likely to comply when personal safety is directly implicated. The presence of physical violence capabilities also expands the pool of criminal actors willing to participate, as it requires less technical expertise than developing exploits. This convergence of digital and physical coercion represents a dangerous evolution in how cybercriminals conduct operations, one that places ordinary workers—not just IT departments—at the center of the threat equation.