Ransomware Gang Poses as IT Staff to Infiltrate Law Firms
In a concerning development, a ransomware group known as the Silent Ransom Group (SRG) has escalated its tactics by physically infiltrating law firms under the guise of IT support personnel. This method allows them to access sensitive data directly from victims’ computers.
Between January and May 2026, SRG targeted numerous law firms, employing deceptive strategies to gain physical access to their offices. Once inside, the impostors connected to employees’ computers and used USB drives or remote access tools to extract confidential information, including contracts, Social Security numbers, and financial records.
Charles Carmakal, Chief Technology Officer at Mandiant, highlighted the severity of this approach, noting that while insider threats and physical breaches have been observed before, SRG’s method represents a significant escalation in cyberattack strategies.
The Federal Bureau of Investigation (FBI) corroborated these findings, confirming multiple instances where individuals impersonated IT support staff to gain unauthorized access to company offices and devices.
SRG’s extortion tactics involve threatening to publish stolen data on their leak site if victims refuse to pay the demanded ransom. They often send direct emails to victims, warning of potential data exposure to employees, partners, and customers unless an agreement is reached.
In addition to physical infiltration, SRG employs traditional cyberattack methods such as phishing emails, follow-up phone calls, and social engineering. By masquerading as legitimate IT support, they deceive employees into granting access to their systems, often guiding them to join screen-sharing sessions under the pretense of addressing security issues or assisting with data migration projects.
This blend of physical and digital intrusion shows that organizations need to bolster both their physical security measures and their cybersecurity protocols.