A new survey has found that in 46% of ransomware incidents in the U.S., CEOs or other executives were physically threatened if their organizations did not pay the ransom demanded by hackers.

The findings in Semperis’ “2025 Ransomware Risk Report” highlight other pressure tactics, such as ransomware criminals threatening to file regulatory complaints to force payment. The study’s findings emphasize the need for businesses to remain vigilant against ransomware threats that can completely shut down their networks and websites until they pay ransom.

Many organizations cited a lack of experienced personnel or employee training as top challenges, opening the door to mistakes like clicking malicious links in e-mails that trigger ransomware.

Additionally, hackers are using new tactics to increase pressure on their victims.

 

Study findings

• 78% of organizations reported being targeted within the past 12 months.
• 55% of those that paid a ransom did so more than once, with 29% paying three or more times.
• 15% of organizations that paid never received usable decryption keys, or received corrupted ones, leaving equipment and data inaccessible.
• Less than one quarter (23%) recovered within a day, compared with 39% last year. Meanwhile, 18% needed between one week and one month, up from 11% in 2024.
• 42% paid ransoms of $500,000 or less, while 50% paid between $500,000 and $1 million.

 

New tactics

Physical threats — Ransomware actors are resorting to extreme measures to pressure victims into paying, including threats of physical harm to business executives. In the past 12 months, 40% of incidents involved physical threats against executives, according to the Semperis report.

Threats of reporting to regulators — in 47% of attacks, ransomware criminals threatened to file regulatory complaints against victim companies if they refused to pay.

This tactic was especially common against U.S. companies, likely due to cyber incident reporting requirements, including the Securities and Exchange Commission’s four-day disclosure rule for publicly traded firms. For example, ransomware group BlackCat reported one of its victims to the SEC in 2023 in a bid to pressure payment.

Other tactics — In early 2025, Cisco Talos reported that the Chaos ransomware group threatened additional damage by launching DDoS attacks and spreading news of the breach to competitors and clients if payment was withheld.

 

What businesses can do

• Address vulnerabilities and strengthen defenses to improve the ability to recover if an attack occurs.
• Regularly back up your data to an offline or secure location.
• Train staff to spot e-mails that may contain ransomware and avoid opening attachments or clicking on links from unknown or suspicious senders. Run cross-functional tabletop exercises every six months so executives, managers and technical teams know their roles.
• Ensure your organization has well-documented, clearly communicated crisis response and recovery processes, and practice them in test scenarios that mirror real-world conditions.
• Hold vendors and partners with system access accountable to the same security and recovery standards you require internally.
• Install updates to your operating system, web browsers and other software as soon as they become available and use a firewall.

 

If you are hit

• Contain the attack quickly. Isolate affected networks, revoke and rotate credentials, and preserve forensics. Then restore from clean, verified backups.
• Call your incident-response partner and legal counsel immediately. Parallel communication, legal and technical workstreams speed recovery and help limit secondary harm.
• Notify your cyber insurer right away. Expect tighter underwriting and potential premium impacts; nearly half of respondents reported coverage disruption after attacks.
• Treat ransom payment as a last resort. Require proof that a decryptor works on samples before transferring funds, and plan for the possibility that keys may never arrive.

 

The takeaway

Consider purchasing cyber insurance, which can help your organization recover from a ransomware hit or other cyberattack. In some cases, the insurer can help you avoid paying the ransom without compromising your ability to continue operating.

If you have questions about cyber insurance, give us a call.

Tags: Measured Risk Insurance Services, Ransomware