Extortion crews are visiting law firms pretending to be tech support, FBI warns

The FBI warns that the Silent Ransom Group (SRG) has been targeting US law firms since 2022 using callback phishing to impersonate IT staff, obtain remote access, and exfiltrate sensitive files; when phishing fails, attackers have reportedly physically entered offices to plug thumb drives into machines and copy data for extortion via a data-leak site. The advisory details SRG tactics (phone impersonation, remote desktop access, use of WinSCP/Rclone, DLS extortion), cites recent Spring 2026 activity and alleged victims, and recommends mitigations such as blocking external drives, enforcing phishing-resistant MFA, restricting access to sensitive data, blocking port 22, and robust staff training.