Researchers are seeing a “dramatic” increase in cybercrime involving physical violence across Europe, with at least 18 cases reported since the start of the year.
The hike in what experts refer to as “violence as a service” was first spotted in 2024 and has continued into 2025, especially in France where 13 of the total cases have taken place.
Individuals selected for the operation would need to obtain a ‘burner’ Windows laptop, travel to the UK-based entity’s corporate headquarters to connect to the onsite Wi-Fi, and provide remote access to the laptop via RDP…
In its annual European Threat Landscape Report, CrowdStrike cites figures collected by the co-founder of crypto security firm Casa, Jameson Lopp. Lopp tracks violent crypto crime, noting that many of those who partake in such crimes are members of The Com.
Perhaps the most high-profile case from the past year came in January when Ledger co-founder David Balland and his wife, Amandine, were kidnapped in Vierzon, central France.
The pair were detained separately, and the suspects severed David Balland’s finger, while another Ledger co-founder was contacted with the gang’s ransom demands, which have not been disclosed.
Ten people were reportedly arrested after the couple were freed. In Morocco a suspect French police allege to be the ringleader, 24-year-old Badiss Mohamed Amide Bajjou, was also detained by local authorities.
More recently, in Suresnes, near the French capital, a woman was reportedly punched in the face ten times in front of her husband and children by attackers attempting to steal the contents of her cryptocurrency wallet.
A month later, in Paris, a man who worked in the cryptocurrency industry was attacked in a luxury hotel. The assault and kidnapping took place at the upscale Peninsula Hotel, and French police say the victim claimed his assailants stole a hard drive containing €2 million (approx. $2.3 million) worth of Bitcoin, after demanding €400,000 (approx. $460,000).
An American tourist was also reportedly drugged by an Uber driver earlier this year with what he believed to be scopolamine, which the attacker used to force him to relinquish the passkeys to his crypto wallet, draining it of tokens worth $123,000.
Such attacks have also been seen in Asia, Africa, and the Americas. One notable case from this year led to a violent crypto thief in the US landing himself more than 50 years in prison.
“Individuals involved in physical cryptocurrency theft often operate within eCrime communities affiliated with ‘The Com,'” CrowdStrike said.
“Several of these individuals have previously advertised tools such as one-time password interception bots, which are Telegram-based tools that enable threat actors to automate vishing calls to victims and are often used to target cryptocurrency exchange accounts.”
The Com is a term used to describe very loosely affiliated groups whose members are part of underground cybercrime networks, which operate in multiple different verticals.
The cybercrime group commonly referred to as Scattered Spider is widely believed to be comprised of individuals who are also members of The Com, or Com networks.
Such networks give these individuals, who operate as cybercriminals in the more traditional sense, access to other types of miscreants who can fulfil jobs that those behind a keyboard typically are not willing to carry out themselves.
Referencing the attacks on British retail giants earlier this year, CrowdStrike said that unconfirmed intelligence suggested that Scattered Spider members attempted to recruit Com members to carry out a close-access operation at one of the three retail targets.
That operation involved sending willing recruits into the headquarters of one of these retail giants in order to establish a foothold in its network.
“According to the threat actor’s instructions, individuals selected for the operation would need to obtain a ‘burner’ Windows laptop, travel to the UK-based entity’s corporate headquarters to connect to the onsite Wi-Fi, and provide remote access to the laptop via RDP,” it said in the report.
“Whether the close-access operation occurred remains unconfirmed; however, the discussion of such a technique distinguishes Western eCrime threat actors from their Russian counterparts.”
UK suffers most as Europe’s cybercrime hotspot
It comes as little surprise that the UK, home to some of the biggest companies in the world, was the most targeted country in Europe by cybercriminals.
CrowdStrike ranked it above Germany, the only other European nation with a larger economy, by countries whose organizations appeared on data leak sites (DLS).
While using data taken from these sites is not an entirely reliable gauge of the actual number of attacks, given cybercriminals’ propensity for lying and over inflated claims, it serves as a useful, if imperfect, indicator of where criminals’ intentions lie.
CrowdStrike said that since January 2024, more than 2,100 attacks were claimed on European organizations, 92 percent of which were made by groups specializing in ransomware and data theft.
The remaining 8 percent were made by extortion-only outfits, such as Cl0p.
The UK was also the biggest focus for initial access brokers (IABs), who often facilitate ransomware and similar attacks by providing criminals with the credentials or remote access to prospective targets’ networks.
Academic institutions, professional services, and retail companies comprised the most common advertisements on underground forums, with sectors such as manufacturing, industrials and engineering, and technology trailing close behind.
CrowdStrike said: “Based on this dataset, IABs’ most advertised countries and sectors broadly coincide with those named on [big game hunter] (BGH) DLSs. This is likely due to multiple factors, one of which is the close collaboration between IABs and BGH adversaries.
“For example, Hook Spider – which has operated under several monikers on the Russian-language eCrime forums Exploit, RAMP, and XSS – has highly likely sold access to several BGH adversaries (including Bitwise Spider (LockBit) and Brain Spider) and is historically associated with Scattered Spider.” ®