A ransomware gang has taken its attacks on law firms to a more aggressive level by sending fake IT workers directly to victims’ offices, where they steal data from computers using USB drives or help other gang members connect to systems remotely, according to Google and the FBI.

Google’s Mandiant and Google Threat Intelligence Group said in a new report that the cybercriminal group known as Silent Ransom Group has tried to steal victim data by using physical, in-person access. The attacks took place between January and May this year and targeted dozens of victims.

Mandiant chief technology officer Charles Carmakal told TechCrunch that the company has investigated several cases where attackers planted insiders, bribed employees, or physically entered buildings to support cyberattacks. He said Mandiant has seen similar tactics used in other incidents over the years.

The FBI also warned last month that Silent Ransom Group has been targeting law firms through social engineering and phishing attacks while pretending to be IT support staff. In some cases, the group allegedly sent fake IT support workers to company offices, where they connected to employees’ computers and used USB drives or remote access tools to steal sensitive files.

An FBI spokesperson confirmed to TechCrunch that investigators have seen multiple cases where people impersonating IT support gained or tried to gain physical access to victim companies’ offices or devices as part of Silent Ransom Group’s data theft scheme.

The stolen information reportedly includes contracts, personal details such as Social Security numbers, and financial and tax records. Instead of encrypting files like traditional ransomware gangs, Silent Ransom Group uses a data theft and extortion model. The gang runs a leak site where it threatens to publish stolen data if victims refuse to pay.

Google said the attackers often email victims directly after stealing their data and pressure them to pay. In one message cited by Google, the hackers warned that if the victim ignored them or failed to reach an agreement, they would notify employees, partners, and customers before publishing the stolen data.

The group also uses more traditional cyberattack methods, including phishing emails, follow-up phone calls, and social engineering. The attackers pose as company IT support workers and trick employees into giving them access to their computers.

According to Google’s researchers, the callers build trust by claiming they are fixing a security issue or helping with a corporate data migration project. They then guide victims into joining screen-sharing sessions and convince them to download remote access tools or use screen-sharing features in apps like Zoom or Microsoft Teams.

While most data theft attacks happen remotely through phishing or malware, these incidents show that some cybercriminals are now willing to combine digital attacks with physical intrusion. The tactic marks a serious escalation, especially for law firms that store highly sensitive client, financial, and legal information.

