Ransomware Gangs Escalate to Physical Threats — Attackers Now Visiting Homes and Threatening Employees’ Families

Summary

A disturbing escalation in ransomware tactics has been documented: cybercriminal groups are now resorting to threats of physical violence against employees and their families when organizations refuse to pay ransom demands. According to recent threat intelligence reports, a significant percentage of ransomware incidents in 2025 involved direct intimidation of company staff, with over half of attackers making explicit threats.

The tactics go beyond digital harassment. Cybercriminals are gathering personal information about employees — home addresses, family details, daily routines — and in some documented cases, individuals disguised as officials have appeared at employees’ homes to deliver threats in person. This represents a dangerous shift from purely digital extortion to real-world intimidation and coercion.

The development comes as the global cost of ransomware is projected to reach $275 billion annually by 2031, and as ransomware operators continue to explore new pressure tactics beyond traditional data encryption and leak threats.

Source

📰 Cybersecurity Insiders · Check Point Research

Commentary

This is the part of the ransomware evolution nobody wanted but everyone should have expected. When you have organized criminal enterprises pulling in billions annually, it was only a matter of time before the extortion playbook expanded beyond the digital realm. Showing up at someone’s house is no longer a movie plot — it’s an operational tactic.

For organizations, this changes the calculus around incident response. It’s no longer just about data recovery and business continuity — it’s about employee safety. CISOs and legal teams need to consider physical security protocols as part of their ransomware response plans, including threat assessment coordination with law enforcement and employee notification procedures that account for real-world intimidation scenarios.