
Over the past year, ransomware campaigns have taken a turn. Cybercriminals are not only encrypting data, they are now increasingly threatening physical harm to company executives to compel ransom payments, according to the Semperis 2025 Ransomware Risk Report released on 31 July.
The report reveals that in 40% of ransomware incidents globally, perpetrators issued threats of physical violence against senior executives. Alarmingly, that figure rises to 46% in U.S.-based organisations.
These groups are also resorting to coercion through legal threats: 47% of victims reported threats of regulatory complaints, with the figure climbing to 58% for U.S. firms.
It doesn’t end there. Even among victims who comply, 55% paid more than once, and 15% received either corrupted or non-functional decryption keys, leaving them further exposed and still under threat.
Jeff Wichman, Semperis’s director of breach preparedness and response and a former ransomware negotiator, described the physical threats as deeply unsettling. Perpetrators have demonstrated knowledge of executives’ personal lives, including where they live, where their children study, and their online activity. “The threats of physical harm are pretty scary,” he told The Register. “I am afraid of what’s next.”
The Semperis report is based on insights from over 1,500 organisations worldwide. It found that 74% faced multiple ransomware attacks in a single year, and 78% of victims paid ransoms, with nearly one-third paying four or more times. Recovery was slow—61% required over a day to restore minimal IT functionality.
This intensification marks a major shift. Ransomware has evolved beyond mere disruption to become a hybrid threat, combining digital extortion with psychological and physical intimidation. A new paradigm of cyber-physical risk management is taking shape.
Stakeholders across legal, HR, executive teams, and cyber incident response must now integrate threat intelligence and personal-security protocols. Board-level oversight should incorporate physical coercion scenarios into tabletop exercises and crisis planning.
Semperis CEO Mickey Bresman emphasises that resilience, not ransom payment, must be the default posture:
“Paying ransom should never be the default... Every dollar handed to ransomware gangs fuels their criminal economy.”
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543