Cyber-crime is increasingly moving beyond purely digital disruption, with security experts warning that some attackers are now adding real-world intimidation and threats of violence to traditional ransomware tactics.
A few years ago, Tim Beasley returned home to find a small parcel left on his doorstep. At first, it seemed like an odd delivery, but the contents quickly shifted that impression. Inside was a note suggesting he could be physically harmed if he did not step away from his work.
Beasley works for U.S. security firm Semperis and was involved in ransom negotiations on behalf of a U.S. government-linked organisation that had been hit by a cyber-attack. The package, he said, came from the ransomware group he had been speaking to and served as a direct warning.
The incident comes amid a sharp rise in cyber-crime worldwide. In the United States, reported cases have grown from 288,012 in 2015 to more than one million last year, according to FBI figures. Financial losses linked to these attacks reached $20.8 billion in 2025, up from $16.6 billion the year before.
The UK has also seen cyber-attacks reach record levels in recent years, reflecting a wider global trend. While ransomware traditionally involves stealing or encrypting data and demanding payment, researchers say tactics are becoming more aggressive and personal.
FBI data shows physical threats linked to cyber incidents have more than doubled in the U.S. over the past year. Research from Semperis suggests that in up to 40% of ransomware cases globally in 2025, victims who refused to pay were threatened with physical harm, rising to 46% in the United States.
Beasley says the shift has been gradual but increasingly visible. “It’s always been here in the background, but it’s becoming more of a reality, slowly inching its way up,” he said.
Attackers often use stolen personal information, including home addresses and phone numbers, to make threats feel credible. In some cases involving hospitals, employees were contacted directly and told their personal details were known, creating fear among staff.
Zac Warren of U.S. cybersecurity firm Tanium said attackers had used detailed personal data to intimidate healthcare workers, including nurses, by demonstrating access to addresses and identification numbers.
Experts also warn that cyber intrusions can extend into industrial systems, where attackers demonstrate control over machinery such as conveyor belts or robots. Even brief disruptions raise concerns about potential physical harm.
While some activity is linked to state-backed groups, many physical threats come from financially motivated criminals, often young and operating through online networks. Europol has described the trend as part of a growing “violence as a service” ecosystem, where individuals are paid to carry out intimidation or attacks.
In cryptocurrency-related cases, the risks appear more pronounced. High-profile incidents in Europe have included kidnappings linked to digital wealth, with victims targeted after public exposure of their assets online.
Adam Meyers of cybersecurity firm CrowdStrike said criminals exploit visibility and online behaviour. “They are online talking about trading cryptocurrency and how much money they have made, trying to get followers and get attention. As you do that, you are drawing attention to yourself.”