
FBI Warns of In-Person Data Theft Attacks From Extortion Gang
Why It Matters
Law firms face a hybrid cyber‑physical threat that bypasses traditional network defenses, raising the stakes for data protection and incident response. The FBI’s warning underscores the need for heightened verification of IT support requests and physical security controls.
Key Takeaways
- The Silent Ransom Group (SRG) poses as IT staff to gain remote desktop access.
- If remote access fails, actors deliver USB devices onsite.
- Law firms have been the primary targets since early 2023.
- Data theft leads to extortion via ransom emails and phone pressure.
Pulse Analysis
The Silent Ransom Group, a splinter of the Conti ransomware syndicate, has refined its playbook to blend social engineering with physical intrusion. After initial phishing or spoofed IT‑helpdesk calls, the actors attempt a remote desktop session; when that is blocked, they dispatch a field operative to the victim’s office, connecting a USB drive or external hard drive to exfiltrate data. This two‑stage approach exploits the trust placed in internal IT teams while sidestepping network segmentation and endpoint detection tools.
Law firms are especially vulnerable because they handle sensitive client information and often rely on legacy document management systems. The FBI’s alert highlights tell‑tale signs: unauthorized IT personnel on premises, unexpected external storage devices, and sudden spikes in remote access requests. Firms that have not instituted strict verification protocols—such as multi‑factor authentication for support calls and physical badge checks—risk rapid data loss that can trigger costly extortion demands and reputational damage. Recent industry reports show a rise in similar tactics targeting financial institutions, suggesting a broader shift toward hybrid attacks.
The emergence of in‑person data theft forces organizations to rethink security beyond the digital perimeter. Recommendations include mandatory visual confirmation of IT staff identities, locked workstation policies, and continuous monitoring for anomalous USB activity. Collaboration with law enforcement, as demonstrated by the FBI’s flash alert, provides early warning and threat intelligence sharing. As threat actors continue to blend cyber and physical methods, proactive defense measures and employee awareness will be critical to mitigating the escalating risk.