FBI: Crooks enter legal offices and steal data via USB drive
Extortion crews are visiting law firms pretending to be tech support, FBI warns
Cybercriminals still allowed to walk into office blocks and convince staff to let them plug in their own thumb drives
Connor Jones
Cybersecurity reporter
Published Wed 27 May 2026 // 17:15 UTC
The FBI is warning unsuspecting lawyers that their firms continue to be an active target for members of a longstanding extortion crew.
Silent Ransom Group has been operating since 2022, by the FBI’s reckoning, and its latest message [PDF] about the gang comes almost exactly a year after its last. The group is still targeting US law firms and their staff, and the criminals are pretending to be company IT staff.
It also warned last year that the callback phishing specialists had started physically walking into the law firms’ offices when remote social engineering attempts go south. The FBI’s latest advisory reaffirms these findings, with fresh attacks reported in Spring 2026.
Law firms should be locking up their USB ports because the extortion crew is still sending members to plug their thumb drives into computers when they can’t convince employees to surrender remote access.
In these scenarios, they rock up to the victim they’ve tried to phish and socially engineer from behind a phone or computer screen, continue the facade of being a company IT rep, and then claim they need to image the person's device or create a backup file to assess the damage of their own phishing email.
What they’re actually doing is copying important files onto said thumb drive, which SRG will later use to extort the law firm.
The FBI didn’t say exactly how many of these in-person callouts SRG has made, but it was evidently enough to include in a fresh advisory on the group’s methods and tactics.
According to the advisory, these attacks were first reported in Spring 2026.
SRG in brief
SRG’s target industries used to be broader than just legal. The hack-and-leak group has been known to target organizations operating in various industries, but the legal sector has remained a common theme since 2023.
The FBI said in its advisory on the group last year that it believes SRG consistently targets US law firms “likely due to the highly sensitive nature of legal industry data.”
When they’re not sending crooks into office blocks, SRG’s primary goal is to achieve their aims through callback phishing.
Using SMS messages or emails, group members would single out employees at target companies, asking them to call a number while impersonating real IT staff.
If the staffer fell for the scheme, they’d call up, and the SRG IT imposter would attempt to convince them to grant access to a remote desktop session, during which they would elevate their privileges and set about stealing data to use as extortion leverage.
In some cases, SRG will run WinSCP or a disguised version of Rclone to scoop up files of interest. In others, they are known to share those documents using internal file-sharing platforms such as Google Drive or Microsoft OneDrive.
Before the callback phishing methodology, the group would send emails claiming that a fake subscription had been authorized that would charge small sums to the target’s account each month. The email included a phone number to call in order to cancel the subscription, and once on the call, the crooks would convince the target to install remote access software, and rinse-repeat the data theft playbook.
SRG is not known for using ransomware, but it operates a data leak site (DLS) just like any other extortion crew and charges victims to return the data they stole, threatening to leak it online if they refuse to pay.
Recent alleged victims of the group have included law giant Jones Day, the legal eagles favored by US president Donald Trump during both his election campaigns. SRG listed Jones Day on its DLS, and the law firm confirmed a “cyber phishing incident” in April, but did not name SRG as the culprits.
Your country needs you
The FBI pleaded with the public to send it any evidence of SRG in action to aid future investigations. Of particular use would be phone numbers used to contact the crooks, copies of the phone call transcripts and phishing emails, cryptocurrency wallet information, and identifying information of the individuals who step foot in office buildings.
As for how to prevent attacks from SRG or others adopting similar methods, the FBI recommended that organizations disallow connecting external drives to company-issued devices,...
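Alongside device controls, defenders can hunt for the WinSCP and disguised Rclone activity described earlier: renaming a binary changes its name on disk but not the version information compiled into it. The sketch below is an added example, not code from the FBI advisory or The Register; the field names follow Sysmon process-creation (Event ID 1) conventions, and the tool table, paths and sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# PE OriginalFileName values (assumed; confirm against the builds you see).
# Version info is compiled into the binary, so it survives a rename on disk.
TRANSFER_TOOLS = {"rclone.exe": "Rclone", "winscp.exe": "WinSCP"}
# Fallback for binaries with stripped version info: Rclone verbs plus flags.
RCLONE_VERBS = re.compile(r"\s(copy|copyto|sync|move)\s", re.I)
RCLONE_FLAGS = re.compile(r"--(config|transfers|max-age|bwlimit)\b", re.I)

def classify(event):
    """Return (severity, reason) for one process-creation event, or None."""
    image = PureWindowsPath(event["Image"]).name.lower()
    original = event.get("OriginalFileName", "").lower()
    cmdline = event.get("CommandLine", "")
    tool = TRANSFER_TOOLS.get(original)
    if tool and image != original:
        return ("high", f"{tool} running under the name {image}")
    if tool:
        return ("medium", f"{tool} executed; confirm it is sanctioned here")
    if RCLONE_VERBS.search(cmdline) and RCLONE_FLAGS.search(cmdline):
        return ("high", f"Rclone-style arguments passed to {image}")
    return None

def scan(events):
    """Classify every event and keep only the ones that raised a finding."""
    findings = []
    for event in events:
        verdict = classify(event)
        if verdict:
            findings.append((event["Image"], *verdict))
    return findings

# Constructed sample events; paths, share and remote names are made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\it-backup.exe", "OriginalFileName": "rclone.exe",
     "CommandLine": r"it-backup.exe copy \\fileserver\matters remote:out --transfers 16"},
    {"Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "CommandLine": "WinSCP.exe"},
    {"Image": r"C:\Temp\imager.exe", "OriginalFileName": "",
     "CommandLine": r"imager.exe sync D:\Clients remote:out --config c.conf"},
    {"Image": r"C:\Windows\System32\Robocopy.exe", "OriginalFileName": "robocopy.exe",
     "CommandLine": r"robocopy C:\a D:\b /copy:DAT"},
]

if __name__ == "__main__":
    for image, severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {image}: {reason}")
```

The medium-severity branch matters for firms that never use these tools: a correctly named WinSCP launched during an unexpected remote-support session is still worth a look.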