A ransomware gang has escalated its attacks on law firms by sometimes sending fake IT workers in person to the victims’ offices, where the imposters steal data directly from the victims’ computers using USB drives or help other gang members connect to the computers remotely, according to Google and the FBI.
On Friday, Google’s cybersecurity teams Mandiant and Google Threat Intelligence Group published a new report accusing the cybercriminal gang known as Silent Ransom Group of attempting to steal victims’ information “using physical, in-person access” in attacks from January through May of this year that targeted “dozens” of victims.
“Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks,” Mandiant chief technology officer Charles Carmakal told TechCrunch in a statement, adding that the company has seen this tactic used in other cases over the years as well.
Last month, the FBI published an alert warning that Silent Ransom Group had been targeting law firms with social engineering and phishing attacks pretending to be IT support employees. But in some cases, the group sent fake IT support personnel to the victims’ offices, where they connected to employees’ computers and used USB drives or remote access tools to steal data such as contracts, personal information like Social Security numbers, and financial and tax records.
An FBI spokesperson told TechCrunch: “We can confirm we have seen multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies’ offices and/or devices as part of Silent Ransom Group’s scheme to exfiltrate data.”
In what is now a common extortion tactic — one that does not involve actually encrypting the victims’ data as in traditional ransomware attacks — the gang has its own leak site, where it threatens victims with publishing their stolen data, and then publishes it if the victim doesn’t pay.
Contact Us …