WinSCP is an open-source SFTP, FTP, and SCP client documented as a primary data exfiltration tool in Silent Ransom Group operations. Attackers execute WinSCP on compromised endpoints to transfer stolen files to attacker-controlled or cloud storage destinations. WinSCP has no legitimate business use on legal workstations in most environments, making its presence a near-unambiguous indicator of malicious exfiltration activity.
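Detection logic for the activity described above, as an added example that is not part of the original page: it scans process-creation records for WinSCP, including copies renamed on disk. The events are constructed samples shaped like Sysmon Event ID 1; the host names, the `APPROVED_HOSTS` allowlist, and the WinSCP version-resource values are assumptions to confirm against your own telemetry.

```python
import ntpath

# Assumption: WinSCP ships as WinSCP.exe (GUI) and WinSCP.com (console), and its
# version resource reports these names in OriginalFileName and "WinSCP" in Product.
WINSCP_NAMES = {"winscp.exe", "winscp.com"}

# Hypothetical allowlist for the minority of hosts where WinSCP is sanctioned.
APPROVED_HOSTS = {"IT-ADMIN-01"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "LAW-WS-014", "Image": r"C:\Users\jdoe\Downloads\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "Product": "WinSCP"},
    {"Computer": "LAW-WS-022", "Image": r"C:\ProgramData\svchelper.exe",
     "OriginalFileName": "winscp.exe", "Product": "WinSCP"},
    {"Computer": "LAW-WS-014", "Image": r"C:\Program Files\Office\WINWORD.EXE",
     "OriginalFileName": "WinWord.exe", "Product": "Microsoft Office"},
    {"Computer": "IT-ADMIN-01", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "OriginalFileName": "winscp.exe", "Product": "WinSCP"},
]


def classify(event):
    """Return why an event counts as a WinSCP execution, or None if it does not."""
    image_name = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    product = event.get("Product", "").lower()
    if image_name in WINSCP_NAMES:
        return "image-name"
    # File name on disk differs, but the PE metadata still identifies WinSCP.
    if original in WINSCP_NAMES or product == "winscp":
        return "renamed-binary"
    return None


def find_winscp_executions(events, approved_hosts=APPROVED_HOSTS):
    """Return (host, image, reason) for every WinSCP run outside approved hosts."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason and ev.get("Computer") not in approved_hosts:
            hits.append((ev.get("Computer"), ev.get("Image"), reason))
    return hits


if __name__ == "__main__":
    for host, image, reason in find_winscp_executions(SAMPLE_EVENTS):
        print(f"ALERT {host}: {image} ({reason})")
```

Matching on version-resource fields as well as the file name keeps the check effective when the binary has been renamed on disk.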