By 2025, cybercrime will increasingly go beyond “just money”: attacks aren’t just about downtime bills and ransom payments , but also about real human consequences, from healthcare disruptions and victim harassment to kidnappings, torture, and threats to executives’ families.
The aftereffects of cyber attacks are usually discussed in passing. The industry is accustomed to measuring damage in monetary terms: ransom payments, downtime costs, and investor reactions.
What’s left out is what happens to people: patients, employees, parents, entire cities . And so many such stories have piled up in the last one that it seems to have been a turning point: the human cost of cyber incidents has become too obvious to ignore.
The most tragic example involved a ransomware attack on the British company Synnovis , a provider of laboratory and pathology services for major London hospitals. The breach occurred in 2024, but in 2025, one of the affected healthcare providers officially confirmed that a patient had died during the disruption caused by the attack and subsequent problems . This is significant not because “possible ransomware-related deaths” hadn’t been discussed before, but because it marked the first time a direct link between a cyberattack and a death was officially acknowledged.
Another incident this year demonstrates the depths criminals are willing to stoop to when it comes to pressuring their victims. In their attack on the Kido International child care network, the perpetrators went beyond publishing documents: they also made public images of children and personal information, including home addresses and contact information for adults. Essentially, information about preschoolers became a tool of intimidation. Significantly, this even provoked a backlash within the criminal community: a rival group publicly shamed the attackers on a specialized forum, and some of the material was removed. But the fact remains: the boundaries of what is acceptable in blackmail continue to blur.
In the UK, the attack on Jaguar Land Rover represented the most significant economic blow . Production was halted for approximately five weeks, and the total damage, recovery, and ripple effects along the supply chain were estimated at over £2 billion . The incident also had a social dimension: suppliers dependent on the carmaker’s orders faced financial problems and layoffs , while employees’ families lived in constant tension: people feared losing income, not paying rent, and simply not making it to the end of the year . The company itself did not announce mass layoffs, but the level of anxiety among workers contributed to the impact of the attack, although it was not reflected in the accounting data.
Another alarming trend for 2025 is the convergence of cybercrime and physical violence, particularly in the cryptocurrency sector. Researchers and security firms are documenting a rise in so-called “violence as a service,” in which threats, intimidation, and attacks are becoming an integral part of criminal tools. The most high-profile incident was the kidnapping of Ledger co-founder David Ballan and his wife : the criminals demanded a ransom from Ballan’s colleagues, and the incident was accompanied by a brutality that would have seemed “out of place” recently. At the same time, the industry is drawing attention to observational statistics: for example, enthusiast and entrepreneur Jameson Lopp, who maintains a public log of such incidents, has counted dozens of violent cryptocurrency-related attacks in 2025.
Pressure intensifies even in “classic” extortion. A Semperis study found that approximately 40% of extortion victims have faced threats of physical violence, not just abstract ones, but also targeted ones, when the criminals demonstrate knowledge of their families’ private lives and whereabouts: where their bosses live, where their children go to school, what they do at home . It’s no longer just a ransom negotiation, but a psychological attack that forces the victim to capitulate.
Amid this escalation, news from law enforcement agencies is also worrying. Europol reported on an operation by the GRIMM Operational Task Force : 193 suspects were arrested in cases of contract killings, intimidation, and torture . According to the agency, such schemes often involve teenagers, recruited or forced to perform tasks “for money.” This is no longer a story of malware , but of violent criminal cartels where the digital element is merely the entry ticket.
Another trend this year is “virtual kidnappings,” in which criminals are using artificial intelligence. The FBI has warned that scammers are using photos from social media, generating convincing images or audio/video using deepfakes, to portray a person in danger and demanding a ransom from family members. Sometimes, they even rely on real missing person reports to make the story more credible. According to the FBI , hundreds of these scams netted criminals approximately $2.7 million last year . The recommendations are simple but essential: contact the police, obey “do not call” orders, and have a family password in advance to verify the authenticity of the situation.
2026 looks like it’s going to be very exciting, it’s true.
There are consequences that could affect entire cities simultaneously, even if there were no casualties. In November, Crisis24, the provider of the CodeRED emergency alert system for US municipalities, was attacked. The incident resulted in the theft of citizen data, temporarily interrupting access to the alert app and forcing authorities to replicate notifications via social media. Fortunately, no serious emergencies occurred during the downtime, but the vulnerability itself is clear: a successful attack on such services could cause chaos not in a server room, but on the streets.
If the 2020s began with talk of “extortion as a business,” 2025 increasingly looks like the year when cybercrime ceased to be just a business.
Where there’s extortion, there’s pressure on families. Where there’s data, there’s bullying and the risk of physical violence.
And the higher the stakes, whether cryptocurrencies or critical services, the more likely the next attack will hit not just records, but people as well.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
