They Used to Steal Money, Now They Steal Lives. Cybercrime in 2025 Has Escaped the Screens
From hospital disruptions to kidnappings for cryptocurrency—cybercrime in 2025 has become more dangerous to people than ever before.
From hospital disruptions to kidnappings for cryptocurrency—cybercrime in 2025 has become more dangerous to people than ever before.
In 2025, cybercrime is increasingly transcending the realm of "just money." Behind attacks lie not only downtime costs and ransom payments but real human consequences—from medical disruptions and victim harassment to kidnappings, torture, and threats against executives' families.
The side effects of cyberattacks are usually mentioned only in passing. The industry is accustomed to measuring damage in currency: how much ransom was paid, the cost of downtime, investor reactions. Yet, what happens to people—patients, employees, parents, entire cities—often remains off-screen. And it is precisely such stories that have accumulated so many over the year that 2025 appears to be a turning point: the human cost of cyber incidents has become too obvious to ignore.
The most tragic example is linked to a ransomware attack on the British company Synnovis—a provider of laboratory and pathology services for major London hospitals. The breach occurred back in 2024, but in 2025, one of the affected medical trusts officially confirmed that a patient died during the disruptions caused by the attack and subsequent issues. This is significant not because "possible deaths due to ransomware" weren't discussed before, but because this marks the first officially acknowledged direct link between a cyberattack and a fatal outcome.
Another story of the year shows how low criminals can stoop when it comes to pressuring victims. In the attack on the children's network Kido International, the perpetrators didn't stop at publishing documents: images of children and personal data, including home addresses and adult contact information, were released into the public domain. Essentially, information about preschoolers became a tool for intimidation. Tellingly, even within the criminal community, this caused backlash: a rival group publicly shamed the attackers on a specialized forum, and they removed some of the materials. But the fact remains—the boundaries of "acceptable" in blackmail continue to blur.
In the UK, the most high-profile blow to the economy was the attack on Jaguar Land Rover. Production was idle for about 5 weeks, with the total damage, recovery, and ripple effects across the supply chain estimated at over £2 billion. The story also took on a social dimension: suppliers dependent on the automaker's orders faced financial difficulties and layoffs, and employees' families lived in constant tension—people feared losing income, not being able to pay their mortgages, and simply not being able to "make it" to the end of the year. The company itself did not announce mass layoffs, but the anxiety level among workers became part of the attack's consequences—albeit not the kind reflected in accounting ledgers.
A separate, frightening trend of 2025 is the convergence of cybercrime and physical violence, especially around cryptocurrency. Security researchers and companies are noting a rise in so-called "violence as a service," where threats, intimidation, and physical assaults become part of the criminal toolkit. The most high-profile episode was the kidnapping of Ledger co-founder David Balland and his wife: criminals demanded ransom from Balland's colleagues, and the story was accompanied by brutality that seemed "out of place" just recently. Simultaneously, industry experts point to observational statistics: for instance, enthusiast and entrepreneur Jameson Lopp, who maintains a public log of such cases, counted dozens of violent attacks related to crypto in 2025.
Pressure is also intensifying in "classic" ransomware. Research by Semperis showed that about 40% of ransomware victims faced threats of physical violence—not just abstract ones, but targeted ones, where criminals demonstrate knowledge of the personal lives and routines of families: where executives live, where their children go to school, what people do at home. This is no longer just a negotiation over a ransom amount, but a psychological attack pushing the victim to capitulate.
Against the backdrop of this escalation, news from law enforcement sounds alarming as well. Europol reported on an operation under Operational Taskforce GRIMM: 193 suspects were arrested in cases related to contract killings, intimidation, and torture. According to the agency, such schemes often involve teenagers—recruited or coerced into carrying out tasks "for money." This is no longer a story about malicious code, but about criminal networks where the digital aspect is merely an entry ticket.
Another trend of the year is "virtual kidnappings," where criminals use AI. The FBI warned that scammers take photos from social media, generate convincing images or audio/video using deepfakes depicting a person in danger, and demand ransom from relatives. Sometimes they even leverage real reports about missing persons to make their story more plausible. According to the FBI, over the past year, hundreds of such fraudulent schemes have netted perpetrators around $2.7 million. The recommendations are simple but vital: contact the police, do not comply with the "don't call anyone" demand, and have a pre-arranged family safe word to verify the authenticity of an emergency.
Finally, there are consequences that can affect entire cities at once—even if there are no casualties. In November, Crisis24, the provider of the CodeRED emergency alert system for US municipalities, was attacked. Due to the incident, citizen data was stolen, access to the alert application was temporarily lost, and authorities had to duplicate notifications via social media. It was fortunate that no major emergencies occurred during the downtime, but the vulnerability itself is obvious: a successful attack on such services can cause chaos not "somewhere in the server room," but on the streets.
If the early 2020s began with talk of "ransomware being a business," 2025 increasingly looks like the year cybercrime ceased to be just a business. Where there is extortion, pressure on families emerges. Where there is data, harassment and the risk of physical violence appear. And the higher the stakes—whether cryptocurrency or critical services—the greater the likelihood that the next attack will strike not at the balance sheet, but at people.
