Google and FBI report ransomware gang using fake IT workers for in-person hacks
6 reported
A ransomware group known as Silent Ransom Group has escalated attacks on law firms by sometimes sending fake IT workers in person to victims’ offices, according to a joint report from Google’s cybersecurity teams and the FBI. Google’s Mandiant and Google Threat Intelligence Group published a report on Friday detailing attacks from January through May 2026 that targeted “dozens” of victims. The gang uses physical access to steal data via USB drives or remote access tools, as well as traditional phishing and social engineering. The FBI issued an alert last month warning that the group had been targeting law firms with impersonation tactics. In some cases, the imposters gain entry by pretending to be IT support, then connect to computers to steal contracts, Social Security numbers, and financial records. The gang operates a leak site where it threatens to publish stolen data if victims do not pay, a tactic that does not always involve encrypting files. Google’s report notes that the hackers also use phone calls and screen-sharing sessions through apps like Zoom or Microsoft Teams to bypass security controls.
What’s reported
Silent Ransom Group targeted “dozens” of victims from January through May 2026.
The group sometimes sends fake IT workers in person to victims’ offices to steal data using USB drives or remote access tools.
The FBI published an alert last month warning that the group had been targeting law firms with social engineering and phishing attacks.
Stolen data includes contracts, Social Security numbers, and financial and tax records.
The gang uses a leak site to threaten victims with data publication if they do not pay.
Hackers also use phishing emails, follow-up phone calls, and screen-sharing sessions via Zoom or Microsoft Teams.
Key figures
Charles Carmakal, chief technology officer of Mandiant
Lorenzo Franceschi-Bicchierai, TechCrunch reporter
FBI spokesperson (unnamed)
Sources: TechCrunch
