The FBI has issued a warning about a cybercrime group that targets US law firms by impersonating internal IT staff through various means. Known as the Silent Ransom Group (SRG), the group has been actively focusing on US-based law firms since spring 2023. Using social engineering tactics, the SRG gains access to company computers to steal sensitive data.
The FBI highlighted that SRG actors employ tactics like phone calls and phishing emails to manipulate employees into granting access to remote desktop sessions. Unlike traditional ransomware gangs, the SRG prioritizes rapid access to victim systems, immediate data exfiltration, and extortion through threats of public disclosure or sale of stolen data. If remote access attempts fail, the group may even send individuals to victim offices.
Once access is secured, the SRG swiftly extracts company data using tools like WinSCP or hidden versions of Rclone. Stolen data is often transferred through platforms such as Google Drive or Microsoft OneDrive for further exploitation. The FBI emphasized that the stolen information is used to extort victims by threatening to publish or sell the data online, with SRG actors pressuring victims into ransom negotiations.
The FBI’s alert listed warning signs for companies to watch for, including unauthorized downloads of remote access software and suspicious cloud data transfers. To counter such threats, organizations are advised to improve cyber hygiene through staff training, regular backups, and phishing-resistant multi-factor authentication. The agency also recommended verifying the identity of all visitors accessing company premises and restricting remote access permissions on systems handling sensitive data.
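As an added illustration (not part of the FBI alert or this article), the following Python sketch shows how a defender might triage endpoint telemetry for two of the signs described above: execution of WinSCP or Rclone, including a copy running under another file name, and large uploads to cloud storage. The event schema, host names, cloud host suffixes and the 500 MiB threshold are assumptions, and "hidden" Rclone is assumed here to mean a renamed binary.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

TRANSFER_TOOLS = {"winscp.exe", "rclone.exe"}  # tools named in the alert
# Assumed host suffixes for the cloud services named in the alert.
CLOUD_SUFFIXES = ("drive.google.com", "googleapis.com", "onedrive.live.com", "sharepoint.com")
UPLOAD_THRESHOLD = 500 * 2**20  # assumed threshold: 500 MiB per host and process

# Constructed sample events, not real telemetry. Field names are assumptions;
# "original_name" is the file name recorded in the binary's version resource.
EVENTS = [
    {"type": "process", "host": "WS-014", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "original_name": "winscp.exe"},
    {"type": "process", "host": "WS-022", "image": r"C:\ProgramData\svc\updater.exe", "original_name": "rclone.exe"},
    {"type": "process", "host": "WS-022", "image": r"C:\Windows\System32\notepad.exe", "original_name": "NOTEPAD.EXE"},
    {"type": "net", "host": "WS-022", "image": r"C:\ProgramData\svc\updater.exe", "dest": "www.googleapis.com", "bytes_out": 400 * 2**20},
    {"type": "net", "host": "WS-022", "image": r"C:\ProgramData\svc\updater.exe", "dest": "www.googleapis.com", "bytes_out": 300 * 2**20},
    {"type": "net", "host": "WS-031", "image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe", "dest": "example-my.sharepoint.com", "bytes_out": 20 * 2**20},
]

def is_cloud(dest):
    """True when dest equals, or is a subdomain of, a listed cloud suffix."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in CLOUD_SUFFIXES)

def triage(events):
    """Return (host, process name, reason) findings for the alert's warning signs."""
    findings, uploaded = [], defaultdict(int)
    for ev in events:
        name = basename(ev["image"]).lower()
        if ev["type"] == "process":
            orig = ev.get("original_name", "").lower()
            if orig in TRANSFER_TOOLS and name != orig:
                findings.append((ev["host"], name, "renamed transfer tool: " + orig))
            elif name in TRANSFER_TOOLS or orig in TRANSFER_TOOLS:
                findings.append((ev["host"], name, "transfer tool executed"))
        elif ev["type"] == "net" and is_cloud(ev["dest"]):
            # Sum per host and process so several smaller uploads still add up.
            uploaded[(ev["host"], name)] += ev["bytes_out"]
    for (host, name), total in sorted(uploaded.items()):
        if total >= UPLOAD_THRESHOLD:
            findings.append((host, name, "cloud upload of %d MiB" % (total // 2**20)))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(*finding, sep=" | ")
```

In practice the findings would be compared against an inventory of approved tools and sync clients, since both WinSCP and cloud storage have legitimate uses.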
