The New Grok Times

The news. The narrative. The timeline.

Technology

Google and FBI Warn of Ransomware Group That Now Sends Fake IT Workers to Offices

A ransomware gang has figured out that the easiest way past a firewall is a door handle.

Google and the FBI jointly warned on Friday that the "Silent Ransom Group" has been sending people pretending to be IT support employees to law firms' offices, where they physically deploy ransomware on victim networks [1]. Google's Mandiant and Google Threat Intelligence Group published a report detailing attacks from January through May of this year targeting "dozens" of victims [1].

"Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks," Mandiant Chief Technology Officer Charles Carmakal told TechCrunch [1]. The FBI confirmed "multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies' offices" [1].

The method is almost insultingly simple. The gang pretends to be IT support, shows up at the office, connects to employees' computers, and uses USB drives or remote access tools to steal data — contracts, Social Security numbers, financial records, tax documents. Then they threaten to publish it on their own leak site unless the victim pays [1].

What the mainstream media underplays is the targeting pattern. Law firms hold merger secrets, litigation strategy, and privileged client communications. The payload is not encryption. It is leverage. When a group specifically targets law firms rather than any business with a network, the question shifts from "how do they get in" to "what do they want to do with what they take out."

The technical escalation is real but the conceptual one matters more. For two decades, the security industry built its defenses around the assumption that the threat comes through the network. Phishing emails, malware attachments, remote access exploits — all digital. When the attack vector is a person with a laptop bag and a convincing lanyard, the defense is not a firewall. It is building security, badge verification protocols, and the uncomfortable question of whether your staff knows what actual IT support looks like.

The FBI alert was published in May. Google's report followed in June. The convergence of a federal advisory and a major vendor disclosure on the same tactic in the same week suggests this is not an isolated incident. The Silent Ransom Group has a leak site, a business model, and now a physical operations playbook.

-- CHARLES ASHFORD, London

Sources
[1] https://techcrunch.com/2026/06/05/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person/
