Google and FBI Warn of Ransomware Group's In-Person Hacking Tactic
Google and the FBI have issued a joint warning about the Silent Ransom Group, a cybercriminal gang now dispatching fake IT workers to victims' offices for in-person data theft. Targeting law firms, these imposters steal sensitive data via USBs or set up remote access. This novel approach, combining physical intrusion with digital methods, marks a significant escalation in ransomware tactics.

In a disturbing escalation of cybercrime, the Google cybersecurity teams Mandiant and Google Threat Intelligence Group, alongside the FBI, have issued a joint warning about a ransomware gang known as Silent Ransom Group. This sophisticated group has begun deploying an audacious tactic: dispatching individuals masquerading as IT support personnel directly to victims' offices to physically steal sensitive data.
According to reports from both Google and the FBI, these imposter IT workers have gained in-person access to law firms, using USB drives to exfiltrate critical information or establishing remote connections for other gang members. This method represents a significant shift from traditional online attacks, blending physical intrusion with digital exploitation, and has affected dozens of victims between January and May of this year.
Unprecedented Physical Intrusion
Google's comprehensive report, released on Friday, details Silent Ransom Group's attempts to compromise victims' information through "physical, in-person access." Charles Carmakal, Mandiant's chief technology officer, noted this isn't entirely new for the cybersecurity firm, stating they have observed similar tactics involving insiders, bribed employees, or physical entries in other cyberattack investigations over the years.
Parallel to Google's findings, the FBI published an alert last month specifically highlighting Silent Ransom Group's targeting of law firms. The alert detailed instances where fake IT support gained or attempted to gain physical entry to offices and devices, subsequently stealing contracts, personal identifiers like Social Security numbers, and confidential financial and tax records.
An FBI spokesperson confirmed the alarming trend, stating the bureau has observed "multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies’ offices and/or devices as part of Silent Ransom Group’s scheme to exfiltrate data."
The Extortion Model
Unlike traditional ransomware that encrypts data, Silent Ransom Group employs a data exfiltration and extortion model. After successfully stealing data, the gang threatens victims with public disclosure if a ransom is not paid. They maintain a dedicated leak site where stolen information is published, further pressuring non-compliant targets.
Hackers typically initiate contact with victims via email, issuing stark warnings. One reported threat from the group stated: "In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data." This tactic uses the threat of reputational damage and legal consequences as its primary pressure point.
Broader Attack Vectors
While the in-person tactic is a notable escalation, Silent Ransom Group also utilizes more conventional, albeit effective, cyberattack methods. These include targeted phishing emails, follow-up phone calls, and sophisticated social engineering techniques.
The cybercriminals often impersonate corporate IT support, guiding targets to join screen-sharing sessions under the guise of resolving a security issue or assisting with a data migration project. They then exploit this manufactured trust to convince victims to download and open specific screen-sharing applications or leverage features within legitimate platforms like Zoom or Microsoft Teams, effectively bypassing security protocols to gain remote access and steal data.
Implications for Cybersecurity
This blend of physical and digital attack vectors signifies a worrying evolution in cybercriminal strategies. It underscores a willingness by groups like Silent Ransom Group to invest more resources and take greater risks to achieve their objectives. For organizations, particularly those handling sensitive client information like law firms, this means a need for heightened vigilance and more robust physical and digital security protocols.
The warnings from Google and the FBI serve as a critical alert to businesses across sectors, emphasizing that the threat landscape is constantly adapting. Protecting against such multifaceted attacks requires not only advanced technological defenses but also comprehensive employee training to identify and challenge suspicious requests, whether online or, increasingly, in person.
FAQ
Q: What is the Silent Ransom Group's new and concerning tactic?
A: The Silent Ransom Group is sending individuals impersonating IT support workers directly to victims' offices to physically steal data using USB drives or establish remote access.
Q: Which types of organizations have been primarily targeted by these attacks?
A: Law firms have been the primary target, with the group aiming to steal sensitive information such as contracts, personal identifiers, and financial records.
Q: Besides in-person intrusions, what other methods does Silent Ransom Group use to compromise systems?
A: The group also employs traditional tactics, including phishing emails, social engineering phone calls, and tricking victims into screen-sharing sessions to gain remote access and exfiltrate data.