
A ransomware negotiation specialist revealed that hackers are increasingly threatening physical harm to employees of targeted companies and their families in order to force the victimized organizations to pay the ransom.
According to a survey of 1500 cybersecurity and IT specialists conducted by Censuswide for Semperis, attackers still most commonly resort to traditional methods of pressuring victims, including system lockdowns (52%) and data destruction (63%). Additionally, almost half of the respondents (47%) from various countries reported that attackers also threatened to file a complaint with regulators, telling them that the company is attempting to conceal a serious data breach.
But the most alarming conclusion that researchers drew from the survey was that 40% of respondents received threats of physical harm from the attackers.
“Threats of physical violence are truly frightening,” Jeff Wichman, Director of Incident Response at Semperis, told The Register. “I am afraid to imagine what might happen next.”
Before leading the response team at Semperis, Wichman was a professional ransomware negotiator. According to him, attackers often call top executives of affected companies with threats.
“They threatened their families: they knew what websites they visited, what they did at home,” explains Wichman. “The attackers know where the executives live, where their families are, and what school their children attend.”
According to experts, threats of physical harm are usually general in nature to increase tension.
“If I tell you that ‘I’m going to attack your children at school,’ you’ll increase security at the school. But if I just say ‘I’ll get to your family,’ it will be scary to go grocery shopping, to the movies, anywhere,” explains Wichman.
Worse yet, the expert believes that in the future, such threats will occur more frequently and become even more severe.
Overall, the annual report from Semperis paints a rather grim picture. The majority of respondents (78%) have faced attempted ransomware attacks over the past year. This is only slightly less than in 2024 (83%).
However, despite a decrease in the overall number of attacks, companies are taking longer to recover after incidents. Only 23% of respondents stated that they recovered within one day (compared to 39% last year). Meanwhile, 18% needed from one week to one month.
“This is because attackers aim to disrupt the infrastructure as much as possible, forcing organizations to restore it from backups or even start from scratch,” says Wichman.
The report also notes that, on average, 15% of organizations that paid the ransom never received functional decryption keys, and information from 3% of the affected companies was “leaked” even after the ransom was paid.
“I don’t believe that an organization can pay [the ransom] and consider itself safe,” emphasizes specialist Wichman. “I have seen many cases where attackers promised to delete stolen data but in reality did not. This is valuable information that can be resold. Why not make additional profit from it?”
