Google and FBI Warn of Ransomware Group that Sends Fake IT Workers to Hack Victims in Person

TechCrunch (Main), Jun 5, 2026

Why It Matters

Combining physical access with digital theft raises the threat level for professional services, forcing firms to rethink both cybersecurity and physical security protocols.

Key Takeaways

  • Silent Ransom Group impersonates IT staff to gain office access
  • Attackers steal data via USB drives or remote‑access tools
  • Threats involve publishing stolen files on a public leak site
  • FBI and Google warn law firms of this hybrid intrusion method
  • Physical social engineering amplifies ransomware extortion risk

Pulse Analysis

The Silent Ransom Group has taken ransomware beyond the screen, deploying actors who walk into law‑firm offices dressed as IT support. By physically plugging USB drives into workstations or establishing remote‑access sessions from inside the network, the gang extracts contracts, Social Security numbers and tax records in a matter of minutes. This tactic blends classic social‑engineering phishing with a hands‑on breach, a combination rarely seen at scale. Law firms, which store sensitive client data and are accustomed to third‑party IT vendors, present a low‑friction entry point for such in‑person attacks.

The FBI’s recent alert and Google’s Mandiant report underscore a shift in threat modeling: perimeter defenses alone no longer suffice. Organizations must treat every visitor as a potential attack vector, enforcing strict badge controls, multi‑factor authentication for privileged tools, and real‑time monitoring of removable media. Cyber‑security teams should coordinate with facilities management to verify the identity of any IT personnel, and deploy endpoint detection that flags unauthorized USB activity. Training programs that simulate physical‑social‑engineering scenarios can also harden employee vigilance against imposters.
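One way to implement the removable-media and visitor-verification checks described above, as an added example that is not part of the original article: it triages endpoint events against a USB serial allowlist and facilities-approved visit windows. The event schema, host names, serials and tool name are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inputs: every field name, host, serial and tool name is an assumption.
APPROVED_USB_SERIALS = {"CORP-0001", "CORP-0002"}
APPROVED_VISITS = [  # (host, start, end) confirmed by facilities and IT together
    ("ws-legal-07", datetime(2026, 6, 1, 9, 0), datetime(2026, 6, 1, 11, 0)),
]
EVENTS = [
    {"ts": "2026-06-01T09:30:00", "host": "ws-legal-07", "type": "usb_storage_attach", "serial": "CORP-0001"},
    {"ts": "2026-06-01T09:45:00", "host": "ws-legal-07", "type": "remote_tool_start", "tool": "example-remote-tool"},
    {"ts": "2026-06-02T14:02:10", "host": "ws-legal-12", "type": "usb_storage_attach", "serial": "UNKNOWN-9F3A"},
    {"ts": "2026-06-02T14:05:40", "host": "ws-legal-12", "type": "remote_tool_start", "tool": "example-remote-tool"},
    {"ts": "2026-06-03T10:00:00", "host": "ws-legal-03", "type": "remote_tool_start", "tool": "example-remote-tool"},
]
CORRELATION_WINDOW = timedelta(minutes=15)


def in_approved_visit(host, ts):
    """True if an on-site IT visit was approved for this host at this time."""
    return any(h == host and start <= ts <= end for h, start, end in APPROVED_VISITS)


def triage(events):
    """Return (host, timestamp, severity, reason) alerts, oldest first."""
    alerts, last_unknown_usb = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if ev["type"] == "usb_storage_attach":
            if ev["serial"] in APPROVED_USB_SERIALS:
                continue
            last_unknown_usb[host] = ts
            alerts.append((host, ev["ts"], "high", "USB storage with unknown serial"))
        elif ev["type"] == "remote_tool_start" and not in_approved_visit(host, ts):
            prior = last_unknown_usb.get(host)
            if prior is not None and ts - prior <= CORRELATION_WINDOW:
                # Unknown drive followed by a remote session on the same host.
                alerts.append((host, ev["ts"], "critical", "remote-access tool after unknown USB"))
            else:
                alerts.append((host, ev["ts"], "medium", "remote-access tool outside approved visit"))
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```
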

Industry analysts predict that other criminal groups will adopt similar hybrid approaches, especially against sectors handling high‑value data such as finance, healthcare and legal services. Regulators may respond with guidance that expands the definition of data‑security incidents to include physical intrusion, prompting firms to disclose such breaches under existing privacy laws. As the line blurs between cybercrime and traditional burglary, the market for integrated security platforms—combining video analytics, access‑control logs and threat‑intelligence feeds—is likely to accelerate, offering a more holistic defense against the next wave of ransomware extortion.
