• Cybercrime 2025

    From Sean Dennis@618:618/1 to All on Sun Dec 28 22:57:16 2025
    From: https://shorturl.at/INg4Q (theregister.com)

    ===
    The human harms of cyberattacks piled up this year, and violence expected to
    increase

    Connor Jones
    Sun 28 Dec 2025 // 14:34 UTC

    The knock-on, and often unintentional, impacts of a cyberattack are so
    rarely discussed. As an industry, the focus is almost always placed on the
    economic damage: the ransom payment; the cost of business downtime; and
    goodness, don't forget those poor shareholders.

    But, in recent years, the toll on human life has become increasingly
    apparent.

    We know the poor sods working in the security operations center give up
    their weekends every time a phish slips through the net, and we know how
    hard corporate spin doctors have to work on controlling post-attack
    narratives. However, there is a sense that the real harms affecting real
    people, most of whom don't realize how their lives could change because of
    a cybercriminal's thirst for chaos, or cash, are increasingly central to
    the telling of a modern cybercrime story.

    Attacks over the past year were not the first to affect human life, but
    the sheer volume of them makes 2025 worth a revisit, starting with the
    most tragic of all.

    Synnovis: The first confirmed ransomware-related death

    Yes, Qilin's ransomware attack on Synnovis, a pathology services provider
    to major London hospitals, took place in 2024. And yes, The Register
    exclusively reported on the devastating human cost of the attack at the
    time, too.

    But, earlier this year, King's College Hospital NHS Trust - one of the
    hospitals affected by the blood shortages - confirmed that a patient died
    during the period of service disruption caused by the cyberattack.

    It is still believed to be the first confirmed case of a
    ransomware-related death.

    Others have been discussed in previous years, including a 2020 attack on a
    Düsseldorf hospital, and claims from the University of Minnesota's School
    of Public Health, which estimated between 42 and 67 US Medicare patients
    may have died as a result of ransomware.

    The attack on Synnovis, however, is the only confirmed direct link between
    cybercrime and death, which is why it makes this list. Despite occurring
    in 2024, the link was officially established this year, so it makes the
    cut.

    Kido International: Pre-schoolers' personal data weaponized

    In recent years, we've seen ransomware crooks leak cancer patients'
    medical imagery, and hit institutions from charities to children's
    hospitals, but this year's attack on Kido International reached lows never
    seen before.

    Radiant Group posted the images of 10 schoolchildren online, complete with
    their home addresses, parents' names, and guardians' contact details.

    In verifying the leaked data was genuine, The Register spoke to some of
    the affected children's parents, all of whom told of their fury over the
    attack and what the criminals did with the data.

    Dray Agha, senior manager of security operations at Huntress, told us at
    the time: "This represents a reprehensible erosion of any remaining
    boundaries in the cybercriminal ecosystem. By weaponizing the personal
    data of infants and toddlers, this group has sunk to a depth that even
    other threat actors may condemn."

    He went on to say that the decision to publish the children's images and
    data was counterproductive; from a PR perspective, the way Radiant handled
    the disclosure would prevent victims from productively engaging with it.

    Even for a ransomware gang, this was bad... so bad that rival operation
    Nova publicly shamed Radiant on the Russian cybercrime forum RAMP, peer
    pressuring it to remove the data.

    JLR: A landmark loan and a workforce living in fear

    The massively disruptive attack on Jaguar Land Rover is one of the worst
    to ever hit the UK, from an economic perspective.

    The cost of its five-week shutdown, the associated recovery, and the
    missed payments to its huge supply chain, was pegged at more than £2
    billion ($2.68 billion). It led to the UK government stepping in with a
    novel financial support package, and dented the UK's GDP growth at the
    back end of the year.

    Companies across JLR's supply chain were affected too, as its factories
    were in no position to order parts due to the production shutdown. Reliant
    on their contracts with the major automaker, the Unite workers' union said
    it was aware of layoffs across JLR's suppliers, which were struggling to
    stay afloat while the company restored its systems.

    JLR itself made no redundancies throughout the ordeal, although its
    workers, most of whom were told to stay at home throughout the cleanup,
    and their families, lived in fear for their livelihoods.

    The wife of one worker at JLR's Halewood facility said she feared the
    family not being able to afford food or presents at Christmas, while the
    parents of a young staffer in Solihull were concerned for their son's
    ability to afford rent after recently moving into his own property.

    Amputations for compensation: Violence and cybercrime coalesce

    As cryptocurrency valuations grow ever loftier, so too do the ambitions of
    cybercriminals who will seemingly stop at very little to get their hands
    on it.

    Security shop and infamous Falcon update fudger CrowdStrike said last
    month that it observed a "dramatic" increase in violence as a service
    activity across Europe.

    Its report zeroed in on violent cryptocurrency thefts, which according to
    data it cited, have increased compared to 2024.

    Violence as a service, as a genre of cybercrime, is not unique to 2025,
    nor is it solely tied to crypto thefts, although that specific
    intersection is the most common.

    Avid Reg readers may remember our coverage of a high-profile case in the
    US from 2024 involving Remy Ra St Felix, head thug behind a spate of
    violent home invasions targeting crypto-wealthy Americans.

    However, the upward trend of violent cybercrime has bled into 2025 and
    racked up a torrent of cases, ranging from extortion to full-on
    amputations.

    Regarding the latter, arguably the most infamous example came in January
    when Ledger co-founder David Balland and his wife, Amandine, were
    kidnapped by a 10-strong gang who then demanded a ransom (no -ware) from
    other Ledger execs.

    Jameson Lopp, co-founder of crypto security biz Casa, publicly tracks
    violent crypto thefts, recording 67 for 2025 in total.

    A warning to readers: You can peruse the stories Lopp tracks via his
    GitHub page, but some of the details are really not for the faint of
    heart.

    Elsewhere, security researchers report ransomware crews are upping the
    ante with their attacks, increasingly resorting to threats of physical
    violence during the negotiation period.

    A Semperis study from July found that around 40 percent of ransomware
    victims had received such threats, which Jeff Wichman, Semperis' director
    of breach preparedness and response, said would likely increase over the
    coming year.

    "The threats of physical harm are pretty scary," he told The Register. "I
    am afraid of what's next."

    "It was threats against their family members: what their [internet]
    surfing traffic was, what they did at home," Wichman said. "The attackers
    know where the executives live, they know where their families are, they
    know where their kids go to school."

    Most recently, Europol announced as part of its Operational Taskforce
    GRIMM that it arrested 193 suspects linked to crimes related to contract
    killings, intimidation, and torture. These typically involved grooming or
    coercing kids and teens to carry out the acts for cash.

    Virtual kidnappings: An AI-powered evolution

    The FBI recently warned about how emergency scams are evolving, with
    criminals now leveraging advanced deepfake technology to carry out virtual
    kidnappings.

    Lowlifes take images from social media, run them through AI programs to
    depict the subject as if they are in danger, and send them to family
    members in the hope of receiving a ransom payment.

    This is the typical model, although the feds warned that some criminals
    are even seeking out real missing person information posted online, and
    using that to craft their insidious campaigns.

    While the FBI did not respond to our questions about the total number of
    cases it has observed in the past year, according to its figures, hundreds
    of emergency scams were reported last year, in total costing victims
    around $2.7 million.

    The proof-of-life images these criminals send to families can seem highly
    convincing at first glance, especially to those already in distress, but
    close inspection of these AI-doctored materials often reveals
    inaccuracies.

    They will be told not to by the scammers, but victims should contact their
    local police forces if they receive these kinds of images. They have
    trained professionals equipped to handle these situations, who can discern
    a real from a fake.

    Families should also avoid sharing information with strangers while
    travelling, the FBI said, and set a code word so that if any friend or
    loved one is genuinely kidnapped, they can reliably provide proof-of-life.

    Code red: Emergency alert systems downed

    Death, torture, and amputations aside, when we think about cyberattacks,
    among the more concerning potential consequences is the impact they can
    have on critical infrastructure, such as emergency services.

    Luckily, such events are rare. UK telcos BT and Three suffered an outage
    in July caused by a software issue, which prevented customers from calling
    emergency services, but cyberattacks almost never impact these services.

    However, last month's attack on Crisis24, which provides the CodeRED
    emergency alert system to various US municipalities, resulted in citizens'
    data being stolen and access to the alerts app temporarily revoked.

    The OnSolve CodeRED platform provides users with rapid alerts for
    emergencies such as weather warnings, terror threats, and more.
    Authorities in the affected areas resorted to sharing the same
    notifications via their social media pages while they waited for CodeRED
    to come back online.

    No crises took place during the period of downtime, fortunately, although
    the attack demonstrates how a ransomware gang could have unintentionally
    caused intense chaos across various communities. (R)
    ===

    -- Sean

    ... The "Any" key? See the one in the back marked "Power"?
    --- MultiMail/Linux
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)