The FBI has alerted U.S. law firms that the Silent Ransom Group (SRG) is conducting physical break-ins to steal data, marking a shift toward on-site extortion tactics.
The Silent Ransom Group has escalated its criminal operations beyond traditional ransomware attacks, now deploying operatives to physically infiltrate law firm offices and extract sensitive data directly.
The gang targets law firms specifically because they typically hold high-value client information, including financial records, intellectual property details, and confidential case files. Once stolen, SRG uses this data as leverage for extortion demands.
Attack Pattern
According to the FBI warning, SRG operatives gain entry to firm locations and access computer systems on-site. The group then exfiltrates data before disappearing, leaving victims with the threat of public exposure or sale if ransom demands go unmet.
This represents a notable tactical shift. Traditional ransomware gangs deploy malware remotely to encrypt systems. SRG's in-person approach reduces detection risk for the initial data theft phase and provides direct access to air-gapped systems or offline storage that remote attacks cannot penetrate.
Security Implications
The warning underscores that extortion groups are diversifying methods to overcome improving cybersecurity defenses. Physical security gaps become exploitable when digital defenses strengthen.
Law firms face particular vulnerability due to the sensitivity of client privileged information and the firms' general reluctance to publicize breaches.
Recommended Actions
The FBI guidance emphasizes multi-layered security measures: enhanced physical access controls, visitor vetting procedures, employee security awareness training, and endpoint protection systems. Firms should also maintain incident response plans and consider cyber insurance coverage.
The warning comes as ransomware and extortion operations continue evolving. Security experts note that hybrid attack strategies—combining physical and digital elements—present acute challenges for defenders, as traditional IT security teams may lack coordination with physical security personnel.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.