The Federal Bureau of Investigation (FBI) has issued a warning regarding the Silent Ransom Group’s (SRG) latest cyberattack campaign. This group is now targeting law firms by impersonating IT support personnel to infiltrate systems and steal data.
New Deceptive Tactics by SRG
SRG has been involved in cyber extortion since 2022 and began specifically targeting U.S. law firms in 2023. Its method primarily involves sending phishing emails and conducting social engineering calls that mislead victims into believing they need assistance canceling subscription fees. This approach has evolved, as detailed in a recent FBI alert issued in May 2025.
Previously, SRG’s phishing emails included links to remote access software, enabling quick data theft from victims’ systems. However, this year, the group has refined its strategy by posing as internal IT department members, thereby deceiving employees into granting remote machine access.
In-Person Intrusion Methods
Should these digital methods fail, SRG employs a more direct tactic—sending operatives in person. Under the guise of IT support, these individuals insert devices such as USB drives into the victim’s computers, claiming to image the device or create backup files to mitigate phishing email impacts.
Once access is secured, SRG rapidly escalates privileges and exfiltrates data using tools like WinSCP or Rclone. In some cases, they transfer data to internal platforms like Google Drive or Microsoft OneDrive, often leaving minimal forensic evidence behind.
Mitigation and Prevention Strategies
The FBI advises organizations to implement stringent verification of all personnel with access to sensitive data and assets. Training employees to recognize phishing attempts and establishing clear IT communication protocols are essential defensive measures. Other recommendations include backing up data, enabling phishing-resistant multi-factor authentication, and restricting remote access and USB installations.
These actions aim to protect against SRG’s innovative and persistent intrusion attempts, which have proven elusive to traditional antivirus solutions due to their use of legitimate tools for malicious purposes.
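Because the tools involved are legitimate, detection has to key on how they are invoked rather than on the binary itself. The following is an added example, not taken from the FBI alert or the original article: it triages process-creation records for Rclone and WinSCP transfers, including a renamed binary. The three fields mirror Image, OriginalFileName and CommandLine from Sysmon Event ID 1; the sample events, paths and remote names are constructed, and the OriginalFileName values are assumptions.

```python
import re
import shlex

# Assumed image names / PE OriginalFileName values for the two tools named in the alert.
TOOLS = {"rclone.exe": "rclone", "winscp.exe": "winscp", "winscp.com": "winscp"}
RCLONE_TRANSFER = {"copy", "copyto", "sync", "move", "moveto"}
# rclone "remote:path" or ":backend,opt=val:path"; 2+ chars so C:\ is not a remote.
RCLONE_REMOTE = re.compile(r"^:?[\w-]{2,}[,:]")
WINSCP_AUTOMATION = re.compile(r"^/(script|command)\b", re.I)
WINSCP_URL = re.compile(r"^(sftp|scp|ftps?|s3|davs?|https?)://", re.I)

def classify(image, original_name, command_line):
    """Return (tool, reasons) when the event looks like an outbound transfer, else None."""
    image = image.rsplit("\\", 1)[-1].lower()
    # Fall back to OriginalFileName so a renamed copy is still recognised.
    tool = TOOLS.get(image) or TOOLS.get(original_name.lower())
    if tool is None:
        return None
    try:  # posix=False keeps backslashes in Windows paths intact
        args = shlex.split(command_line, posix=False)[1:]
    except ValueError:  # unbalanced quotes: fall back to whitespace splitting
        args = command_line.split()[1:]
    args = [a.strip('"') for a in args]
    reasons = []
    if tool == "rclone":
        # Local-to-local copies have no remote and are not flagged.
        if RCLONE_TRANSFER & {a.lower() for a in args} and any(map(RCLONE_REMOTE.match, args)):
            reasons.append("transfer to rclone remote")
    elif any(WINSCP_AUTOMATION.match(a) for a in args):
        reasons.append("scripted WinSCP session")
    elif any(WINSCP_URL.match(a) for a in args):
        reasons.append("WinSCP session URL on command line")
    if reasons and image not in TOOLS:
        reasons.append("binary renamed to " + image)
    return (tool, reasons) if reasons else None

# Constructed sample events: (Image, OriginalFileName, CommandLine). All values are invented.
EVENTS = [
    (r"C:\Program Files\rclone\rclone.exe", "rclone.exe", r"rclone.exe copy D:\Matters gdrive:m --transfers 16"),
    (r"C:\Users\Public\svhost.exe", "rclone.exe", r"svhost.exe sync \\fs01\Matters mega:m"),
    (r"C:\Tools\rclone.exe", "rclone.exe", r"rclone.exe copy D:\a E:\b"),
    (r"C:\Program Files (x86)\WinSCP\WinSCP.com", "winscp.com", r"WinSCP.com /script=C:\Temp\u.txt"),
    (r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "winscp.exe", r'"C:\Program Files (x86)\WinSCP\WinSCP.exe"'),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev[0], "->", classify(*ev))
```

An interactive WinSCP launch with no arguments is deliberately left unflagged here; environments where the tool is not sanctioned at all can alert on any execution instead.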
The threat posed by SRG underscores the importance of robust cybersecurity practices, as the group continues to extort victims by threatening to disclose or sell stolen data. This highlights the critical need for vigilance and proactive security measures in the digital age.
