The FBI issued a warning Tuesday about Silent Ransom Group (SRG), an extortion gang now conducting in-person data theft operations against U.S. law firms.

SRG combines traditional extortion tactics with physical break-ins to steal sensitive client data. The group targets law offices to access confidential documents, client information, and case files that hold significant financial and legal value. Rather than relying solely on ransomware or remote compromise, SRG operatives physically penetrate buildings to extract data before demanding payment for non-disclosure.

Law firms present attractive targets for SRG. These organizations store privileged attorney-client communications, intellectual property details, merger and acquisition information, and personal data belonging to clients across multiple industries. A single breach exposes not just the law firm but also its client base to extortion pressure. SRG leverages this cascading exposure to demand ransom from both the firm and potentially affected clients.

The physical theft component distinguishes this operation from most ransomware campaigns. By working on site, SRG avoids the detection mechanisms that catch remote intrusions. On-site theft requires no malware deployment, no network compromise, and no digital forensics trail. Security teams cannot detect activity that traditional endpoint and network monitoring never sees.

Law firms should implement layered physical security controls immediately. Access controls, visitor verification, surveillance systems, and document destruction protocols reduce the attack surface. Firms handling high-value matters should review data storage practices and ensure sensitive files remain compartmentalized and protected.

The warning reflects an evolving extortion landscape. Criminal groups increasingly recognize that physical access bypasses cybersecurity investments entirely. Organizations cannot defend against threats that operate outside their digital perimeter. Law firms must treat physical security with the same rigor applied to network defense, or risk exposure to both data theft and extortion.