
Fake IT Support Now Walks Into Offices to Steal Data

A ransomware gang is sending fake IT support staff into offices to steal data. Here is why Malaysian firms and the PDPA make it a real risk.

If a stranger in a lanyard turned up at your office tomorrow saying they were from IT, here to fix a "security issue," would your staff let them plug a USB drive into a work computer? A ransomware gang is betting that plenty would.

Editor: Kai T

Tech editor at ProductNation Malaysia. Covers the latest in gadgets, apps, AI, and consumer tech, turning press releases into stor ...

What Google and the FBI found

Google’s cybersecurity units Mandiant and the Google Threat Intelligence Group published a report on 5 June 2026 accusing a group called Silent Ransom Group of stealing company data "using physical, in-person access." According to TechCrunch, which reported the findings, the attacks ran from January through May this year and hit "dozens" of victims, most of them law firms.

The method is brazen. Instead of only emailing malware, the group has at times sent people posing as IT support staff straight into a target’s office. Once inside, the imposters copy files onto USB drives or quietly hand remote access to other gang members, walking off with contracts, financial records, and personal data such as identity and tax details. The FBI said it had seen "multiple instances" of people impersonating IT support to gain physical access to company offices and devices.

Mandiant’s chief technology officer Charles Carmakal told TechCrunch the firm has investigated cases where attackers "planted insiders, bribed employees, or physically entered buildings" to carry out cyberattacks. Most of the time the group still leans on the familiar playbook: phishing emails, follow-up phone calls, and a caller pretending to be IT support who talks an employee into starting a screen-sharing session on Zoom or Microsoft Teams. The in-person visits are the escalation.

There is no encryption involved. The group simply steals the data and threatens to publish it on a leak site unless the victim pays. "In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data," the hackers told one victim, according to Google.

Why this should worry Malaysian firms

The targets in this campaign were overseas, but the technique travels easily, and the softer version of it is already here. The single most common trick in the report, talking someone into installing screen-sharing software, is the same move behind a large slice of Malaysia’s scam losses. Fraudsters posing as bank officers, government officials, or tech support routinely get victims to install remote-access tools like AnyDesk or TeamViewer, then drain accounts or lift data while "helping." Malaysians lost RM1.12 billion to online scams in just the first six months of 2025, according to a parliamentary reply, and the National Scam Response Centre moved to 24-hour operations on 1 July 2025 to keep pace.

Law firms, clinics, accountancies, and small businesses across Malaysia hold exactly the kind of records Silent Ransom Group goes after: client contracts, MyKad details, and financial files. Many run lean, with no in-house security team and staff who have never been told that a real IT provider will not turn up unannounced asking to plug in a drive. A confident stranger with a lanyard and the right jargon is often all it takes.

The new legal cost of getting it wrong

Since 1 June 2025, Malaysia’s amended Personal Data Protection Act treats a data breach as a reporting obligation, not just an embarrassment. An organisation that suffers a breach likely to cause significant harm must notify the Personal Data Protection Commissioner within 72 hours and tell affected individuals within 7 days. Failing to report can bring a fine of up to RM250,000, jail of up to two years, or both. A firm that loses client files to a fake IT worker now answers to a regulator as well as to the extortionist.

What to actually do

The defences are unglamorous and cheap. Confirm any IT visit through a known internal contact before anyone touches a machine. Lock down or disable USB ports on computers that hold sensitive data. Treat any unsolicited request to install AnyDesk, TeamViewer, or a screen-share from "support" as a red flag, and verify it on a separate channel. And brief front-desk and junior staff, because they are the ones a confident impersonator approaches first.
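One way to put the first three defences into a routine check, as an added example that is not from the article or the Google report: flag USB storage and remote-access tool activity that falls outside a confirmed IT visit. The event format, event type names, host names and visit list are constructed for illustration, and the tool list holds only the two products the article names.

```python
from datetime import datetime

# Tools the article names; extend with whatever your own IT provider really uses.
REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe"}

# Constructed: visits confirmed through a known internal contact.
APPROVED_VISITS = [
    {"host": "FIN-PC-02", "start": "2026-06-08T09:00", "end": "2026-06-08T11:00"},
]

# Constructed sample events in a hypothetical format: timestamp|host|event_type|detail
SAMPLE_EVENTS = """\
2026-06-08T09:30|FIN-PC-02|usb_storage_attached|VendorCo Flash 32GB
2026-06-08T14:12|FIN-PC-02|usb_storage_attached|Generic Flash 64GB
2026-06-09T10:05|LEGAL-PC-07|process_start|C:\\Users\\amy\\Downloads\\AnyDesk.exe
2026-06-09T10:20|LEGAL-PC-07|process_start|C:\\Program Files\\Office\\winword.exe
malformed line without fields
"""

def _approved(host, ts, visits):
    """True if the event falls inside a confirmed visit window for that host."""
    return any(
        v["host"] == host
        and datetime.fromisoformat(v["start"]) <= ts <= datetime.fromisoformat(v["end"])
        for v in visits
    )

def find_unapproved_activity(log_text, visits=APPROVED_VISITS):
    """Return (timestamp, host, reason, detail) for each event with no matching visit."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the check
        ts_raw, host, kind, detail = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue
        exe = detail.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if kind == "usb_storage_attached":
            reason = "USB storage attached"
        elif kind == "process_start" and exe in REMOTE_TOOLS:
            reason = "remote-access tool started"
        else:
            continue
        if not _approved(host, ts, visits):
            alerts.append((ts_raw, host, reason, detail))
    return alerts
```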

Silent Ransom Group’s twist is a reminder that the weakest part of most security setups is not the firewall. It is a helpful employee who does not want to seem difficult.

Images courtesy of Jared Brashier and Israel Andrade on Unsplash.
