Ransomware gangs are now expanding to physical threats in the real world
Growing number of victims threatened with physical violence

- Ransomware attacks now often includes more than just encrypting files
- In many cases, the attackers threaten the victims with violence
- They also file reports with the SEC
Ransomware gangs seem to be getting desperate when it comes to getting results, as besides encrypting and leaking data on the web, they’ve also started threatening CEOs with physical violence.
Cybersecurity researchers Semperis claim over the past 12 months, in 40% of ransomware incidents, the CEOs of the affected company were also physically threatened - which rises to 46% among US-based organizations.
But even paying up may not be enough, as the research found more than half (55%) of organizations who paid a demand did so multiple times, with nearly a third (29%) of those firms paying three or more times, and 15% were not even sent decryption keys, or received corrupted keys.
Physical violence
Threatening to file a regulatory complaint also seems to be a popular tactic, Semperis found. It was observed in 47% of attacks, rising to 58% in the US.
In 2023, the infamous BlackCat ransomware group reported one of its victims to the SEC to get them to pay, with this tactic due to growing regulatory requirements around cyber incident reporting, including the SEC’s four-day disclosure rule for publicly traded companies.
Ransomware has been around for more than a decade, and during this time it has evolved multiple times. It started with just encryption, which companies quickly mitigated by keeping offline backups of all the key data.
Criminals then responded by stealing the data first, and threatening to release it on the dark web unless a payment’s made. This strategy, known as “double extortion” works rather well, so well in fact that some criminals abandoned the encryption part altogether and are just focused on stealing files.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
However, many companies refuse to budge, forcing the criminals into even bigger extremes.
In some cases, they pair the encryption of the back-end with a Distributed Denial of Service (DDoS) on the front-end, bringing the entire business to a screeching halt. Phone calls to victim organizations were also observed in a couple of cases, and now, we can add physical threats to the mix, as well.
“While some circumstances might leave the company in a non-choice situation, we should acknowledge that it's a downpayment on the next attack," noted Mickey Bresman, CEO of Semperis.
"Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom," he commented.
You might also like
- Top ransomware group BlackSuit has dark web extortion sites seized and shut down
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.