The FBI issued a warning about the Silent Ransom Group attacking law firms by impersonating IT support staff. Lately, the attackers have been calling or emailing employees to grant them remote desktop access. If that fails, they send an operative to go in-person and plug in a USB Drive to steal data directly using tools like WinSCP or Rclone. They use this to extort the victim by threatening to sell or publish the stolen information. Due to this incident, the FBI has recommended organizations to verify IT personnel credentials, train employees to spot phishing, implement MFA, and restrict access to sensitive data, since SRG's remote access tools aren't detected by traditional antivirus products.