
A ransomware gang has escalated its attacks on law firms by sometimes sending fake IT workers in person to victims’ offices, with the fraudsters stealing data directly from victims’ computers using USB drives or helping other gang members connect to the computers remotely, according to Google and the FBI.
On Friday, cybersecurity teams from Google Mandiant and Google Threat Intelligence Group published a new report accusing the cybercrime gang known as Silent Ransom Group of trying to steal victims’ information “using physical and personal access” in attacks from January to May this year targeting “dozens” of victims.
“Mandiant has investigated numerous matters where adversaries have planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks,” Charles Carmakal, Mandiant’s chief technology officer, told TechCrunch in a statement, adding that the company has seen this tactic used in other cases over the years as well.
Last month, the FBI posted an alert warning that Silent Ransom Group has been targeting law firms with social engineering and phishing attacks posing as IT support employees. But in some cases, the group sent fake IT support employees to victims’ offices, where they connected to employees’ computers and used USB drives or remote access tools to steal data such as contracts and personal information such as Social Security numbers and financial and tax records.
An FBI spokesperson told TechCrunch: “We can confirm that we have seen multiple instances of individuals posing as IT support who gained or attempted to gain personal access to the offices and/or devices of victim companies as part of the Silent Ransom Group’s data exfiltration scheme.”
In what has now become a common extortion tactic – one that does not involve actually encrypting victims’ data as in traditional ransomware attacks – the gang runs its own leak site, where it threatens to release victims’ stolen data, then releases it if the victim doesn’t pay.
This often happens after hackers email victims directly to threaten them.
“In the event of ignorance or no agreement, we will notify your employees, partners, and customers, and then we will publish your data,” the hackers wrote to one victim, according to Google.
According to the Google report, hackers also use more traditional methods, such as phishing emails, follow-up phone calls, and social engineering. Cybercriminals pose as company IT support to trick victims into giving them access to their computers.
“Callers use a variety of verbal instructions to direct the target’s behavior. Under the guise of addressing a security issue or helping with a company data migration project, they build trust and direct the target to join a screen-sharing session,” the Google researchers wrote. Hackers then bypass security controls by convincing victims to download and open screen sharing apps, or to use screen sharing features in apps like Zoom or Microsoft Teams.
While hackers most often steal data remotely via malware or phishing attacks, these cases show that some hackers are now willing to take their crimes a step further, mixing traditional hacking techniques with physical intrusions in what is a significant new escalation.