
Google and FBI Warn of Ransomware Gang That Sends Fake IT Workers to Break Into Law Firms

The Silent Ransom Group has taken cyberattacks offline, physically planting fake IT support staff inside victims' offices.

Cyberattacks are no longer strictly a remote-access problem. A new joint warning from Google's cybersecurity teams and the FBI describes a ransomware organization that has crossed a troubling threshold: physically placing impersonators inside victim organizations to steal data in person.

The group, known as Silent Ransom Group, has been targeting law firms in the United States using a combination of social engineering, phishing, and fake IT support calls. What makes this campaign stand out is that in several confirmed incidents, the gang went beyond phone calls and emails — they actually sent individuals to victims' offices posing as IT support personnel. Once inside, these imposters plugged USB drives into company computers, transferred sensitive files, or helped remote gang members establish unauthorized access.

Google's Mandiant and Google Threat Intelligence Group released a joint technical report on Friday documenting the campaign. Charles Carmakal, Mandiant's chief technology officer, confirmed to TechCrunch that the company has investigated multiple cases where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate attacks. The FBI has independently verified several similar incidents and issued an alert to the legal sector warning of the escalating physical social engineering threat.

Silent Ransom Group typically targets law firms because they hold highly sensitive client information — case files, financial records, intellectual property, and confidential communications — that creates strong leverage for extortion. The group has reportedly been active since at least 2022 and has evolved its tactics significantly, expanding from credential phishing to in-person deception campaigns that require far more planning and resources.

Why It Matters

This type of hybrid attack — combining digital social engineering with physical infiltration — represents a meaningful escalation in ransomware tactics that enterprise security teams must now account for. Most corporate security postures are designed to defend against remote threats: malware, phishing, brute-force credential attacks, and supply-chain compromises. Physical insider threats remain a blind spot for many organizations, particularly professional services firms and smaller enterprises that rely on front-desk or receptionist-level vetting rather than formal badge access or visitor management systems.

The warning from Google and the FBI also highlights how organized ransomware groups are willing to invest significant operational effort when the potential payout justifies it. Law firms managing high-profile litigation or major transactions are prime targets. Organizations in this category should consider reinforcing physical security policies: verifying the identity of on-site service personnel through a formal ticketing or vendor management system, ensuring that USB port access is locked down on critical workstations, and cross-checking any unscheduled IT support visits against open service requests before granting access.

For enterprise security leaders, this campaign is a reminder that the attack surface now includes the lobby and the server room, not just the inbox.
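
The cross-check recommended above can be automated. The following Python example is added here for illustration and is not taken from the Google or FBI reports: it flags USB storage attach events on workstations that are not covered by an open service request. The ticket and event record layouts, field names, the 15-minute grace period and all sample records are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed sample data: open service requests from a hypothetical ticketing export.
TICKETS = [
    {"id": "REQ-1001", "host": "WS-LEGAL-07", "start": "2026-06-01T09:00",
     "end": "2026-06-01T11:00", "removable_media_approved": True},
    {"id": "REQ-1002", "host": "WS-LEGAL-03", "start": "2026-06-02T10:00",
     "end": "2026-06-02T12:00", "removable_media_approved": False},
]

# Constructed sample data: USB mass-storage attach events from a hypothetical endpoint log export.
USB_EVENTS = [
    {"time": "2026-06-01T09:30", "host": "WS-LEGAL-07", "device": "USB-A"},
    {"time": "2026-06-01T14:05", "host": "WS-LEGAL-12", "device": "USB-B"},
    {"time": "2026-06-01T16:40", "host": "ws-legal-07", "device": "USB-C"},
    {"time": "2026-06-02T10:10", "host": "WS-LEGAL-03", "device": "USB-D"},
]

def unapproved_usb_events(events, tickets, grace=timedelta(minutes=15)):
    """Return (host, time, reason) for each USB attach not covered by a service request."""
    findings = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        host = ev["host"].upper()  # host names compared case-insensitively
        for_host = [t for t in tickets if t["host"].upper() == host]
        in_window = [t for t in for_host
                     if datetime.fromisoformat(t["start"]) - grace <= when
                     <= datetime.fromisoformat(t["end"]) + grace]
        if not for_host:
            reason = "no open service request for this host"
        elif not in_window:
            reason = "outside the scheduled visit window"
        elif not any(t["removable_media_approved"] for t in in_window):
            reason = "service request does not authorize removable media"
        else:
            continue  # attach is covered by an approved, in-window request
        findings.append((host, ev["time"], reason))
    return findings

if __name__ == "__main__":
    for host, time, reason in unapproved_usb_events(USB_EVENTS, TICKETS):
        print(f"ALERT {time} {host}: {reason}")
```
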

Source: TechCrunch, June 5, 2026
