Ransomware Negotiator Reveals Hackers Increasingly Threaten Physical Violence Against Victims

A professional ransomware negotiator has revealed a disturbing new trend: hackers are increasingly threatening physical violence against employees of targeted companies—and even their families—to coerce organizations into paying ransoms.

According to a global survey of 1,500 cybersecurity and IT professionals conducted by Censuswide on behalf of Semperis, attackers still rely heavily on traditional extortion methods, including:

  • Data destruction (63%)
  • System lockouts (52%)

But nearly half (47%) of respondents also reported that hackers threatened to report them to regulatory bodies—accusing them of hiding a major data breach—as another pressure tactic.

Yet the most chilling revelation: 40% of respondents said they or their colleagues received direct physical threats from cybercriminals.

“Threats of physical violence are truly terrifying,” said Jeff Wichman, Director of Incident Response at Semperis, in an interview with The Register. “It’s frightening to think about where this could lead.”

Wichman, a former professional ransomware negotiator, described cases where attackers directly contacted company executives with unsettling threats.

“They’ve threatened their families. They know what websites they visit, what they do at home,” Wichman explained. “Attackers know where executives live, where their families are—even which schools their children attend.”

He noted that the threats are often deliberately vague to maximize psychological impact:

“If I say, ‘I’ll attack your kids at school,’ you’ll increase security at the school. But if I just say, ‘I’ll get to your family,’ suddenly going to the grocery store or the movies becomes terrifying.”

Wichman warned that such intimidation tactics are likely to grow more common—and more aggressive.


A Bleak Ransomware Landscape

The Semperis annual report underscores how pervasive—and damaging—ransomware has become:

  • 78% of organizations experienced ransomware attacks in the past year (down slightly from 83% in 2024)
  • Only 23% managed to restore operations within a day (compared to 39% last year)
  • 18% required between a week and a month to recover

“Attackers are now focused on causing maximum infrastructure damage,” Wichman said. “They want to force organizations to rebuild from backups—or start over entirely.”

Ransom Payments Offer No Guarantees

The report also highlighted the unpredictability of paying a ransom:

  • 15% of companies that paid never received working decryption keys
  • 3% had their data leaked anyway, despite assurances it would be deleted

“I don’t believe any organization can pay and assume they’re safe,” Wichman said. “I’ve seen countless cases where attackers promise to delete the data—but don’t. It’s valuable. Why wouldn’t they sell it again?”

Key Takeaways

  • Physical threats are now part of ransomware playbooks
  • Attackers are targeting families to increase psychological pressure
  • Paying the ransom doesn’t ensure data safety or confidentiality
  • Recovery times are worsening due to deliberate infrastructure sabotage
