cybercrooks — are they crossing a line that will force Europe to change the way it defends its people and critical services?
They are, according to researchers tracking a “dramatic” uptick in cases where cybercriminals supplement extortion with threats or acts of physical violence. The pattern is clear: attackers are turning digital leverage into real‑world coercion, and France and the United Kingdom are among the countries feeling the heat. Researchers have logged at least 18 such incidents since the start of the year, a worrying signal that ransomware and extortion economies are evolving beyond bytes and into bodily risk.
H2: cybercrooks and the new calculus of coercion
Background: what’s changed
– Ransomware and extortion have long relied on encryption and data theft; more recently, “double extortion” added the threat of publishing stolen data.
– The newest escalation pairs cyber extortion demands with threats of, or actual, physical violence — raising stakes for victims and altering incident response calculus.
– Researchers report at least 18 Europe‑based incidents this year where violence was part of the extortion playbook, with France-based victims hit especially hard while the UK is named the most-targeted country overall.
Why this matters now
– Economic pressure: average ransom demands have been growing and the broader cost of recovery — downtime, legal exposure, remediation — often exceeds the ransom itself. Industry reporting notes the average ransom payment now exceeds $200,000, a number that reshapes decisions about whether to pay and how to prioritize defenses.
– Public safety: when attackers threaten people rather than systems, the incident shifts from a corporate security incident to one with potential criminal‑justice and emergency‑response implications.
– Policy and enforcement: cross‑border crime combined with physical threats accelerates the need for international investigative cooperation, clearer jurisdictional frameworks, and faster channels for sharing tactical intelligence.
Voices in the debate
– Technologists warn that persistent operational weaknesses — credential reuse, slow patching, lagging multi‑factor adoption — continue to provide attackers the footholds they need. The evolution into violent coercion underscores that layered, zero‑trust defenses and mature incident response are no longer optional.
– Policy officials have signaled intensified action against ransomware more broadly. For example, U.S. officials describe stepped‑up disruption efforts; domestically this has included indictments and asset seizures aimed at increasing the risk for operators. Such steps, while not focused on violent extortion specifically, form part of a broader deterrence strategy.
– Security practitioners note the shifting economics of criminality. Cybercrime-as-a-service platforms lower barriers for perpetrators, allowing even non‑technical actors to orchestrate high‑impact attacks — a factor that helps explain both volume and boldness of recent campaigns.
What organizations and users should do now
– Treat violent extortion as a multi‑domain threat: involve legal counsel, law enforcement, and physical security teams alongside IT and incident response.
– Harden the basics: enforce multi‑factor authentication, eliminate credential reuse, accelerate patching, and test disaster recovery and offline backups.
– Update playbooks and insurance discussions: tabletop scenarios should include threats to personnel and premises, and insurers will increasingly factor violent coercion into underwriting and response expectations.
From the adversary’s perspective
– The incentives remain clear: high payouts, opaque payment channels, and fragmented international enforcement make extortion lucrative. Criminal groups can monetize fear and reputational damage; adding threats of violence multiplies leverage and shortens the decision window for victims. Efforts to prosecute and disrupt — while growing — have not yet fully closed those economic incentives.
A nuanced picture
– Not all victims pay, and some trends point to resilience: reporting shows periods where ransom payments declined as victims resisted and shifted to recovery strategies. Still, the presence of violent coercion can change the calculus dramatically for organizations and individuals facing immediate threats.
Conclusion: what we risk if Europe does not adapt
The rise of cyber‑enabled physical coercion forces a question on every boardroom table and government brief: how do we protect people as well as systems? If attackers learn that threats of violence yield faster or larger payoffs, the cycle will become harder to break. The answer will require better technology, faster cross‑border law enforcement, clearer reporting and whistleblower channels, and a societal willingness to punish payoff channels — including tighter controls on illicit finance and cryptocurrency laundering. Will those changes come in time to keep the digital battleground from bleeding into the streets?
Source: https://go.theregister.com/feed/www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/




