Google and FBI Warn of Ransomware Group's In-Person Attacks
A ransomware gang is escalating its attacks on law firms by sending fake IT workers to victims' offices to steal data directly from computers.

A notorious ransomware gang has taken its attacks on law firms to a new level by sometimes sending fake IT workers to victims' offices, where they steal data directly from computers using USB drives or help other gang members connect remotely. Google's cybersecurity teams, Mandiant and Google Threat Intelligence Group, published a report on Friday accusing the cybercriminal gang, known as Silent Ransom Group, of attempting to steal victims' information "using physical, in-person access" in attacks from January through May of this year that targeted "dozens" of victims. "Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks," Mandiant chief technology officer Charles Carmakal told TechCrunch in a statement, adding that the company has seen this tactic used in other cases over the years as well.
The FBI had previously warned about Silent Ransom Group's tactics, which include social engineering and phishing attacks by people posing as IT support employees. But in some cases, the group sent fake IT support personnel to victims' offices, where they connected to employees' computers and used USB drives or remote access tools to steal sensitive data such as contracts, personal information like Social Security numbers, and financial and tax records. An FBI spokesperson confirmed that there have been "multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies' offices and/or devices as part of Silent Ransom Group's scheme to exfiltrate data." In a common extortion tactic, the gang threatens to publish stolen data on its leak site if victims don't pay.
This often happens after hackers email victims directly to threaten them, writing: "In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data."
Source: TechCrunch