The FBI Has a New Warning, and It Starts at Your Front Desk
The FBI recently warned that a criminal crew known as the Silent Ransom Group, active since 2022, has been targeting law firms and other professional offices to steal sensitive client data. What makes this campaign unsettling is how low-tech part of it is. When their online tricks fail, group members simply walk into the office, claim to be the company's IT support, and ask to "image" a computer or "create a backup." What they are really doing is copying confidential files onto a USB drive and walking back out.
Two Doors: The Inbox and the Lobby
The group works on two fronts. The first is remote. They send texts and emails posing as your IT department or a software vendor, then call to "help" and talk an employee into granting remote access to their computer. Once inside, they quietly pull files off the network. The second front is physical. If the remote approach fails, they show up in person, present themselves as IT, and count on the fact that almost no one questions the person who says they are there to fix the computers.
This is not hypothetical. The international law firm Jones Day was listed on the group's data-leak site in April 2026 after confirming a phishing incident. These criminals often skip file-locking ransomware entirely. Increasingly, they just steal the data and threaten to publish it unless you pay.
Why Offices Like These Are the Target
Law firms, medical practices, accounting offices, and nonprofits all hold the same thing: large amounts of confidential information about other people. That data is valuable, and the pressure to keep it private makes extortion effective. You do not have to be a large firm to be worth the trip. Smaller offices are often easier to walk into, because the staff knows everyone and is trained to be helpful, not suspicious.
The One Habit That Stops This Cold
Here is the rule we want every client and every employee to internalize: if someone says they are from IT, ask for their name and credentials, and verify them before you give them anything. That applies whether they are on the phone, in an email, or standing at your desk.
In practice, that means getting the person's full name and the company they claim to work for, then not acting on the contact information they hand you. Step away and call your known IT contact using the number or email you already have on file, and confirm the request is real. A legitimate technician will never be offended that you checked. An impostor will get in a hurry, apply pressure, or leave. Real IT also does not need to copy your files onto a personal USB drive to run a backup, and will not ask you to keep the visit quiet.
What Offices Should Put in Place
Alongside that habit, the FBI recommends a handful of practical controls we help clients set up: verify the identity of every visitor at check-in, disable or restrict USB ports on machines that hold sensitive data, require phishing-resistant multi-factor authentication, lock down remote-access pathways, and give staff regular, plain-English security training so the "ask for a name and credentials" reflex becomes second nature.
How WolfTech Helps
We work with offices across the region to close exactly these gaps: visitor and access policies, USB and device controls, multi-factor authentication, locked-down remote access, and the staff training that ties it all together. If you want us to review how your office would handle a stranger who says "I'm from IT," contact us and we will walk through it with you.