The most sophisticated ransomware groups have discovered something their predecessors missed: sometimes the easiest way past a firewall is through the front door.
A joint advisory from Google's Threat Intelligence team and the FBI, released this week, warns that at least two major ransomware operations have begun dispatching operatives posing as IT contractors and support technicians to physically access corporate networks. The attackers arrive with convincing credentials, plausible cover stories, and the social engineering skills to talk their way past reception desks and into server rooms.
The methodology
The scheme works because it exploits a fundamental assumption in corporate security: that physical and digital threats exist in separate domains. Companies invest millions in endpoint detection, network segmentation, and zero-trust architectures while maintaining relatively porous physical access controls. A confident person in a polo shirt carrying a laptop bag and claiming to be from "the MSP" can often walk directly to the network closet.
Once inside, the operatives reportedly install hardware implants—small devices that provide persistent remote access—or simply plug directly into internal networks that trust local connections. The time from physical access to full network compromise can be measured in minutes rather than the weeks typical of purely digital intrusions.
Why this matters now
The shift reflects both the maturation of ransomware as an industry and the hardening of traditional attack surfaces. As organizations have gotten marginally better at blocking phishing emails and patching vulnerabilities, criminal groups have responded by professionalizing their operations. The groups identified in the advisory reportedly maintain networks of contractors who receive training, equipment, and target packages—essentially franchising physical intrusion the way they previously franchised malware deployment.
The timing is notable. The normalization of remote work means many employees have never met their IT support staff in person. Hybrid office arrangements create unpredictable occupancy patterns that make unfamiliar faces less conspicuous. The social infrastructure that once made physical intrusion risky—the receptionist who knew everyone, the colleague who would challenge a stranger—has eroded.
Our take
This advisory should end the comfortable fiction that cybersecurity and physical security are separate disciplines requiring separate budgets and separate expertise. They are now the same problem. The ransomware economy has matured to the point where criminal organizations can deploy human capital as readily as they deploy malware. Companies that have spent years building digital moats while leaving their drawbridges down are about to learn an expensive lesson about integrated threat models.




