Silent Ransom Group
Cybercrime group (Russia-linked, formal state relationship unconfirmed) · Financial -- data theft and extortion
Tactics, Techniques & Procedures (TTPs)
- Vishing -- phone-based social engineering impersonating the victim's IT helpdesk or managed services provider
- Physical intrusion -- dispatching operatives to victim premises posing as IT support
- USB-based data exfiltration when physical access is obtained
- Remote desktop session hijacking after successful vishing
- Zero-malware approach -- no payload deployed at any stage
- Single-extortion model: data theft and publication threat, no ransomware encryption
- BazarCall callback phishing methodology
Known Targets
Analyst Notes
FBI FLASH alert (TLP:CLEAR) issued 26 May 2026. No malware is deployed at any stage: the entire attack chain uses social engineering, legitimate remote desktop tools, and physical access. With no malicious payload to flag, EDR, endpoint detection, and SIEM alerting are left entirely blind to the intrusion. The physical intrusion tactic (dispatching operatives to victim offices) is documented as the escalation path when remote social engineering fails. Over 100 victims are confirmed, 38+ of them with data published on SRG's clearnet leak site. The legal sector is the primary target: law firms hold disproportionately valuable data (M&A terms, litigation strategy, client PII) against a security posture that often does not match the data sensitivity.
Also Known As