Google and FBI Warn: Ransomware Gang Is Sending Fake IT Workers Into Offices

Google and the FBI are warning businesses about a ransomware crew using an unusually old-school tactic: showing up in person.

The group, known as Silent Ransom Group, has reportedly sent people posing as IT support staff into law firm offices. Once inside, the impostors attempt to steal sensitive data using USB drives, remote access software, or other tools that give the attackers a foothold on company systems.

It is a reminder that ransomware is no longer just a suspicious email attachment or a shady download link. The human side of cybercrime is becoming bolder, more direct, and far harder to spot at the front desk.

Silent Ransom Group ransomware threat targets law firms

Law firms are especially attractive targets for ransomware operators because they often hold confidential client files, financial information, contract details, litigation records, and privileged communications. That kind of data can be weaponized quickly.

According to the warning, Silent Ransom Group has used impersonation to gain trust before attempting data theft. In some cases, attackers pretend to be legitimate IT workers who need access to a machine, conference room, or network equipment. Once they get close enough, they can plug in a USB device, install remote access tools, or copy files directly.

The goal is not always to encrypt systems immediately. Many modern ransomware gangs prefer data theft and extortion. They steal files first, then threaten to publish or sell them unless the victim pays.

Fake IT support scams are moving from phone calls to office visits

Silent Ransom Group has previously been linked to social engineering methods such as callback phishing, where victims are tricked into calling a fake support number. The new concern is that the same playbook may now include physical access.

That shift matters. A convincing person with a badge, a clipboard, and a believable story can bypass protections that stop ordinary phishing. Reception teams, office managers, and employees may assume someone wearing business-casual clothes and claiming to be from IT has already been approved.

For attackers, even a few unsupervised minutes can be enough. A USB drive can run malicious scripts. A laptop can be connected to the network. Remote access software can be installed under the excuse of fixing a technical problem.

Google and FBI cybersecurity warning: what businesses should check now

The warning is a clear signal for companies to tighten both digital and physical security. Cybersecurity teams should review who is allowed on-site, how vendors are verified, and whether employees know how to challenge unexpected visitors.

Businesses should also audit remote access tools. If software such as AnyDesk, TeamViewer, ScreenConnect, or similar utilities appears on machines without approval, it should be investigated. These tools are legitimate when used properly, but cybercriminals often abuse them because they blend in with normal IT activity.
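One way to run that audit over a software inventory export, as an added example that is not part of the original article. The CSV layout, host names, dates, and approval list are constructed assumptions, and matching is by simple name fragment.

```python
import csv
import io

# Name fragments for the remote access tools the article names.
# Extend this for the "similar utilities" your environment must cover.
REMOTE_ACCESS_TOOLS = {
    "anydesk": "AnyDesk",
    "teamviewer": "TeamViewer",
    "screenconnect": "ScreenConnect",
}

# Constructed approval list (assumption): tool -> hosts where IT sanctioned it.
APPROVED = {"TeamViewer": {"HELPDESK-01", "HELPDESK-02"}}

# Constructed sample inventory export (assumption): host,software,installed_on
SAMPLE_INVENTORY = """host,software,installed_on
HELPDESK-01,TeamViewer 15 Host,2024-01-10
PARALEGAL-07,AnyDesk,2025-03-02
PARTNER-03,ScreenConnect Client (a1b2c3),2025-03-02
PARTNER-03,Microsoft Office,2023-06-01
RECEPTION-01,teamviewer,2025-03-02
"""

def find_unapproved(inventory_csv, approved=APPROVED):
    """Return (host, tool, date) for remote access tools lacking approval."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["software"].casefold()
        host = row["host"].strip().upper()
        for fragment, tool in REMOTE_ACCESS_TOOLS.items():
            if fragment in name and host not in approved.get(tool, set()):
                findings.append((host, tool, row["installed_on"]))
    return findings

def same_day_clusters(findings):
    """Group findings by install date; several hosts on one day is worth
    correlating with the visitor log for that date."""
    by_day = {}
    for host, tool, day in findings:
        by_day.setdefault(day, []).append((host, tool))
    return {day: hits for day, hits in by_day.items() if len(hits) > 1}

if __name__ == "__main__":
    hits = find_unapproved(SAMPLE_INVENTORY)
    for host, tool, day in hits:
        print(f"UNAPPROVED {tool} on {host} (installed {day})")
    print("same-day clusters:", same_day_clusters(hits))
```

Name matching misses renamed or portable binaries, so treat an empty result as a starting point and pair it with process and network telemetry.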

USB controls are another priority. Companies that handle sensitive data should limit the use of removable media, block unapproved devices, and monitor file transfers. If a stranger can walk in and copy client files to a flash drive, the security gap is not just technical. It is procedural.

How to protect your company from in-person ransomware attacks

Start with a simple rule: no surprise IT visits. Any person claiming to be technical support should be verified through a trusted internal contact, not a phone number or email address they provide.

Employees should be trained to report unusual requests, especially when someone asks for access to a computer, server room, network port, printer area, or file storage system. Security awareness training often focuses on inboxes, but this case shows that the front door matters too.

Organizations should also use strong endpoint protection, multi-factor authentication, least-privilege access, and network monitoring. If an attacker does manage to install a tool or copy data, fast detection can limit the damage.

For law firms, the stakes are particularly high. A breach can expose clients, trigger regulatory problems, damage trust, and create legal headaches of its own. The best defense is a mix of skepticism, verification, and clear internal rules that nobody is allowed to bypass.

Why this ransomware warning matters

The Silent Ransom Group alert shows how cybercriminals are blending online scams with real-world deception. The attack does not need to be technically advanced if the impersonation works.

Google and the FBI are effectively telling organizations to treat physical access as part of cybersecurity. The person at the door may be just as important as the alert on the firewall.

