Google’s Mandiant team and the Google Threat Intelligence Group have warned that the Silent Ransom Group is sending imposters posing as IT support into law‑firm offices to copy data directly from computers. The report, which covers attacks from January through May, says the gang has targeted dozens of firms, using USB sticks or remote‑access tools after gaining physical entry.
The FBI’s recent alert corroborates the findings, confirming multiple cases where attackers pretended to be IT personnel to infiltrate offices. Google’s researchers note the gang also relies on classic phishing, social‑engineering phone calls, and screen‑sharing tricks in Zoom or Teams to convince victims to install remote‑access software. Mandiant CTO Charles Carmakal said the tactic of planting insiders or bribing employees has appeared in other incidents, underscoring a broader trend of blending cyber‑crime with in‑person intrusion.
Silent Ransom’s extortion model does not encrypt files; instead, it threatens to publish contracts, Social Security numbers, and tax records on a leak site unless a ransom is paid. The combination of physical and digital tactics marks a significant escalation that security teams are urged to monitor closely.
