Fake IT Workers Are Showing Up at Offices — And They’re After Your Data
Cybercrime has never been more brazen. Ransomware gangs have long relied on phishing emails and malicious software to compromise businesses — but a group known as the Silent Ransom Group has taken things a disturbing step further: sending fake IT personnel directly into victims’ offices to steal sensitive data in person.
Both Google and the FBI have now issued warnings about this group, and if your business hasn’t reviewed its physical and digital security posture recently, now is the time.
What the Silent Ransom Group Is Doing
On June 5, 2026, Google’s Mandiant and Google Threat Intelligence Group published a detailed report covering attacks carried out by the Silent Ransom Group between January and May of this year. The group targeted dozens of organizations — with a particular focus on law firms — using a combination of tactics that blur the line between cyber attacks and physical intrusion.
According to the report and a separate FBI warning, the group’s methods have included:
- Sending fake IT support personnel directly to victim offices
- Connecting to employee devices under the pretense of fixing technical issues
- Using USB drives or remote access tools to exfiltrate data on-site
- Planting insiders within target organizations
- Bribing employees to gain access
- Physically entering office buildings to support their cyber operations
The data stolen in these incidents has included contracts, Social Security numbers, financial records, and tax information — exactly the kind of sensitive material that law firms and professional services organizations handle every day.
FBI Warning
The FBI specifically warned that Silent Ransom Group actors have impersonated IT support staff and, in some cases, physically appeared at victim offices — connecting directly to employee computers to carry out their attacks.
How This Could Affect Your Business
Impersonating IT or technical support staff has become an increasingly common and effective tactic among cybercriminals. Why? Because it works. Most employees are conditioned to trust someone who arrives with a badge, a uniform, or the confident demeanor of a person who “knows computers.”
Under the guise of resolving a security issue or fixing a technical problem, attackers build rapport quickly. Once they’ve established trust, they can:
- Convince employees to join screen-sharing sessions via Zoom or Microsoft Teams
- Persuade users to install remote access software
- Bypass security controls that would otherwise block external access
- Walk out the door — or log off remotely — with your most sensitive files
Golden Rule
Always verify the identity and legitimacy of anyone requesting access to your devices or sensitive information — whether they appear in person, call on the phone, or reach out via email — before taking any action.
Why Law Firms Are a Prime Target
Law firms sit at the intersection of sensitive personal data, confidential business information, and financial records. A single breach can expose client Social Security numbers, ongoing litigation strategy, real estate transactions, and corporate trade secrets — all in one place. For ransomware groups, that makes legal practices an exceptionally high-value target.
But make no mistake: while law firms are currently in the crosshairs, any business that handles sensitive client data or financial records faces the same risk. Medical practices, accounting firms, HR departments, and small businesses with access to payroll data are equally vulnerable to social engineering attacks like these.
What You Can Do Right Now
1. Establish a Verified IT Support Protocol
Every employee should know the exact process for verifying an IT support request — including a callback number or internal ticketing system confirmation — before allowing anyone access to their device. If your IT support is outsourced, employees should have the vendor’s verified contact information on hand at all times.
2. Train Staff on Social Engineering Red Flags
Attackers are skilled at creating urgency (“Your computer has a virus and we need to fix it NOW”). Regular security awareness training helps employees recognize and respond to manipulation tactics before they become victims.
3. Control Physical Access to Your Office
Visitor logs, badge access, and escort policies aren’t just for large enterprises. Any business handling sensitive data should have clear procedures for who can enter, who must be escorted, and how unannounced visitors are handled.
4. Limit Remote Access Tool Permissions
Remote access software like TeamViewer, AnyDesk, or built-in screen sharing should require explicit approval each session and should only be authorized by your legitimate IT provider. Disable these tools entirely when not in active use.
5. Implement Multi-Factor Authentication (MFA) Everywhere
Even if an attacker gains physical access and steals credentials, MFA adds a critical second layer of defense that can stop a breach in its tracks.
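Steps 1 and 4 above can be backed by a detection check: every launch of a remote access tool on a workstation should line up with an approved help-desk ticket for that same machine. The following is an added example, not code from the article or the reports it cites; the two log line formats, the 30-minute approval window, the ticket IDs and the host names are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Tools named in the article, keyed by their usual Windows process names.
REMOTE_TOOLS = {"teamviewer.exe": "TeamViewer", "anydesk.exe": "AnyDesk"}
# Assumption: an approval covers sessions started within 30 minutes of it.
WINDOW = timedelta(minutes=30)

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")

def unapproved_sessions(process_events, tickets):
    """Return remote-access launches that have no matching approved ticket.

    process_events: lines of 'timestamp host user process' (assumed format)
    tickets:        lines of 'timestamp host ticket_id status' (assumed format)
    """
    approved = {}
    for line in tickets:
        ts, host, _ticket_id, status = line.split()
        if status == "approved":  # pending or rejected tickets grant nothing
            approved.setdefault(host.lower(), []).append(parse_ts(ts))
    findings = []
    for line in process_events:
        ts, host, user, proc = line.split()
        tool = REMOTE_TOOLS.get(proc.lower())
        if tool is None:
            continue  # not a remote access tool
        started = parse_ts(ts)
        # The session must start after the approval and inside the window.
        ok = any(timedelta(0) <= started - t <= WINDOW
                 for t in approved.get(host.lower(), []))
        if not ok:
            findings.append({"time": ts, "host": host, "user": user, "tool": tool})
    return findings

# Constructed sample data for illustration only.
SAMPLE_TICKETS = [
    "2026-06-08T09:00:00 WS-014 HD-1001 approved",
    "2026-06-08T10:00:00 WS-022 HD-1002 pending",
]
SAMPLE_EVENTS = [
    "2026-06-08T09:05:12 WS-014 jlee TeamViewer.exe",  # approved, in window
    "2026-06-08T10:02:40 WS-022 mkhan AnyDesk.exe",    # ticket still pending
    "2026-06-08T13:30:00 WS-014 jlee AnyDesk.exe",     # approval long expired
    "2026-06-08T13:31:00 WS-031 rpatel winword.exe",   # unrelated process
]

if __name__ == "__main__":
    for f in unapproved_sessions(SAMPLE_EVENTS, SAMPLE_TICKETS):
        print(f"ALERT {f['time']} {f['host']} {f['user']}: "
              f"{f['tool']} started without an approved ticket")
```

Because approval is matched per host and per time window, a reused or stale ticket does not cover a later session, which is the "explicit approval each session" requirement from step 4.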
How PDX IT Services Can Help
Defending against threats like the Silent Ransom Group requires more than antivirus software — it demands a layered security strategy that covers your people, your processes, and your technology. That’s exactly what PDX IT Services is built to provide.
PDX IT Services works with businesses throughout the Pacific Northwest to build security programs that hold up against both digital and physical threats. Here’s how they can help:
- Security Awareness Training — Educate your team to recognize social engineering, phishing attempts, and impersonation tactics before they cause damage
- Verified IT Support Protocols — PDX IT Services establishes clear, documented procedures so your staff always knows how to authenticate a real support request vs. a fake one
- Endpoint Protection & Remote Access Controls — Lock down which tools can be installed, who can request remote access, and how those sessions are logged and monitored
- Physical Security Consultation — Guidance on visitor management, access controls, and office security policies that prevent unauthorized entry
- Managed IT Services — Ongoing monitoring and support so threats are detected and responded to quickly, often before you even know there’s an issue
- Incident Response Planning — If the worst does happen, PDX IT Services helps you contain the damage, recover your data, and get back to business fast
Cyber threats are evolving, and so are the people behind them. The Silent Ransom Group’s willingness to show up at your front door is a sobering reminder that no business is too small, too obscure, or too careful to be targeted. Partnering with a trusted local IT provider is one of the most effective investments you can make in your business’s long-term security.