Redazione RHC : 4 August 2025 07:43
A ransomware expert has revealed that criminal hackers are increasingly threatening physical violence against targeted company employees and their families, to force victim organizations to pay ransoms.
According to a survey conducted by Censuswide on behalf of Semperis of 1,500 cybersecurity and IT professionals, the most common methods of applying pressure by attackers are still traditional ones, including locking down systems (52%) and destroying data (63%). Nearly half of the professionals surveyed (47%) from across several countries reported that attackers also threatened to file a complaint against them with regulators and inform them that the company was trying to hide information about a serious data breach.
But the most alarming conclusion the researchers reached based on the survey was that 40% of respondents had received threats of physical violence from attackers. “Threats of physical violence are really scary,” Jeff Wichman, director of incident response at Semperis, told the Register the Register. “I’m terrified of what’s going to happen next.”
Before leading the Semperis response team, Wichman was a professional ransomware negotiator. He says it’s not uncommon for attackers to contact executives of targeted companies to threaten them. “They threatened their families: they knew what websites they visited, what they did at home,” Wichman explains. “The attackers knew where the executives lived, where their families were, what school their children attended.”
According to the expert, threats of physical violence are usually generic in nature, aimed at escalating tensions. “If I tell you, ‘I’ll attack your children at school,’ you’ll increase school security. And if I simply say, ‘I’ll take your family,’ you’ll be afraid to go to the supermarket, the movies, anywhere,” explains Wichman. What’s worse, the expert believes that such threats will become more frequent and even more severe in the future.
Overall, Semperis’s annual report paints a rather grim picture. The majority of respondents (78%) have experienced ransomware attacks in the past year. This percentage is slightly lower than in 2024 (83%). However, despite the decline in the overall number of attacks, companies are taking longer to recover from incidents. Only 23% of respondents said they recovered within a day (compared to 39% last year), while 18% said it took them between a week and a month. “This is because attackers try to damage the infrastructure as much as possible, and organizations are forced to restore it from backups or even from scratch,” says Wichman.
The report also finds that, on average, 15% of organizations that paid the ransom never received working keys to decrypt their data, and that 3% of affected companies had their information “leaked” even after paying the ransom.“I don’t think an organization can pay the ransom and think it’s safe,” says Wichman.“I’ve seen many cases where attackers promised to delete stolen data, but actually didn’t. This is valuable information that can be resold. Why not make a little extra money?”
Redazione