Targeting and Longevity: Active since at least 2022, the Silent Ransom Group (SRG) has consistently targeted US-based law firms and professional sectors since Spring 2023.
Data Theft Without Encryption: Unlike traditional cybercriminals, SRG completely bypasses ransomware encryption, focusing instead on immediate data exfiltration and extortion via public data leaks.
Physical and Digital Social Engineering: Threat actors pose as internal Information Technology (IT) support through phone calls, even sending physical operatives to victim locations to insert Universal Serial Bus (USB) storage devices if remote access attempts fail.
The Federal Bureau of Investigation (FBI) has issued a warning regarding the Silent Ransom Group (SRG), a cybercriminal organization conducting high-stakes data theft operations. SRG primarily targets professional services like law firms, insurance, and healthcare providers. Instead of using traditional encryption methods to lock files, the group utilizes callback phishing and voice phishing to trick employees into granting remote desktop access. Once inside, they deploy legitimate system management tools to rapidly exfiltrate data to cloud platforms or external servers, subsequently demanding a ransom under the threat of releasing the information on public leak sites.
As of Spring 2026, the group has escalated their tactics to include in-person social engineering schemes. If remote access tricks fail, SRG sends a person directly to the victim company’s office. Posing as internal IT support, the individual attempts to gain physical access to computers to manually insert USB drives or external hard drives under the guise of creating device images or backups. To minimize this threat, organizations are urged to implement strict visitor verification policies, deploy phishing-resistant Multi-Factor Authentication (MFA), and establish secure communication protocols for IT personnel.
Source: Bleeping Computer
