Google and FBI warn of ransomware group using physical intrusions to target law firms
Joint report from Google’s Mandiant unit and the US Federal Bureau of Investigation reveals cybercriminals are bypassing digital defences by sending imposters to victim offices to steal sensitive records.

Google and the Federal Bureau of Investigation have issued a joint warning regarding the Silent Ransom Group, a cybercriminal gang that has escalated its attacks on law firms by combining digital social engineering with physical intrusions. Between January and May of this year, the group targeted dozens of victims, sending imposters posing as IT support staff to gain direct access to victim offices.
These individuals used USB drives or remote access tools to exfiltrate sensitive information, including contracts, financial records, and personal details such as Social Security numbers. Unlike traditional ransomware operators, which encrypt files, the group employs an extortion model in which it threatens to publish stolen data on a dedicated leak site if victims do not pay.
The FBI confirmed multiple instances of individuals impersonating IT support to gain or attempt to gain physical in-person access to victim companies’ offices and devices. This marks a significant escalation in tactics, moving beyond remote malware or phishing to involve physical presence in corporate environments.
Mandiant’s Chief Technology Officer, Charles Carmakal, stated that the company has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks. While this tactic is not entirely new, its application by the Silent Ransom Group represents a novel combination of methods aimed at bypassing standard digital security controls.
The gang also utilises traditional social engineering techniques, including phishing emails and follow-up phone calls. Hackers pretend to be IT support to trick victims into granting remote access via screen-sharing applications such as Zoom or Microsoft Teams. Once access is granted, they bypass security controls to install tools or steal data directly.
In cases where victims do not reach an agreement, the hackers send emails threatening to notify employees, partners, and customers before publishing the stolen data. Google’s report highlights that the group builds trust, and guides target behaviour, under the guise of addressing security issues or aiding with corporate data migration projects.
This incident underscores a growing willingness among cybercriminals to take crimes one step further by mixing traditional hacking techniques with physical intrusions. The warning serves as a critical alert for legal institutions and other high-value targets to remain vigilant against both digital and physical security breaches.


