FBI Warns Silent Ransom Group Impersonates IT Staff To Steal Data From US Offices

04 June, 2026. Crime. 4 sources

Key Takeaways

  • FBI and Google warn SRG impersonates IT staff to gain in-person office access.
  • SRG, active since 2022, focuses on data theft and extortion, not encryption.
  • Imposters install malware or enable remote access to steal sensitive data, including from law firms.

In-person hacks for ransom

The FBI has warned that cyber criminals are posing as IT support staff to gain physical access to critical computer systems, and a hacking collective known as Silent Ransom Group (SRG) has been turning up at US offices to impersonate IT workers and steal sensitive data for ransom.

Highlights of the week - SentinelOne attributed Fast16, malware that appeared in the Shadow Brokers leaks, to a sabotage campaign dating back to 2005 targeting high-precision computing software, covertly corrupting operations to alter scientific and industrial results

DCOD

TechCrunch, citing Google and the FBI, said the gang escalated its attacks on law firms by sometimes sending fake IT workers in person to victims’ offices, where imposters steal data directly from victims’ computers using USB drives or help other gang members connect remotely.


Google and the FBI said the attacks targeted law firms and involved “physical, in-person access” from January through May of this year, and TechCrunch reported that the scheme included stealing data such as contracts, Social Security numbers, and financial and tax records.

An FBI spokesperson told TechCrunch, “We can confirm we have seen multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies’ offices and/or devices as part of Silent Ransom Group’s scheme to exfiltrate data.”

How SRG gains entry

TechCrunch reported that SRG’s in-person intrusions can involve imposters connecting to employees’ computers and using USB drives or remote access tools to steal data, aligning with the FBI’s warning about criminals using IT impersonation to obtain physical access.

Google’s researchers described the callers’ approach: “Under the guise of addressing a security issue or aiding with a corporate data migration project, they build trust and direct the target to join a screen-sharing session.” They said the attackers then bypass security controls by convincing victims to download and open screen-sharing applications.


The Independent said SRG, active since 2022, has shifted from remote cyber attacks to these in-person hacks, primarily targeting law firms, with medical and insurance sectors also at risk.

TechCrunch also reported that the gang has its own leak site where it threatens victims with publishing stolen data and then publishes it if the victim doesn’t pay, describing this as an extortion tactic that does not involve encrypting victims’ data like traditional ransomware.

What’s at stake next

Google and the FBI said SRG’s in-person access is part of a broader scheme to exfiltrate information from victim companies’ offices and/or devices, and TechCrunch tied the approach to attacks from January through May of this year targeting “dozens” of victims.

A ransomware gang has escalated its attacks on law firms by sometimes sending fake IT workers in person to the victims’ offices, where the imposters steal data directly from the victims’ computers using USB drives or help other gang members connect to the computers remotely, according to Google and the FBI

TechCrunch

TechCrunch reported that the gang’s threats include notifying “your employees, partners and customers” and then publishing stolen data if victims do not pay, and it said that, according to Google, the hackers wrote that message to one victim.

The Independent framed the FBI’s warning as a need for robust, layered security, emphasizing physical security and employee verification because social engineering can lead to significant breaches despite advanced technological defenses.

In parallel, DCOD’s roundup said the Silent Ransom Group continues to target American law firms by combining telephone phishing and physical intrusions, with impostors posing as IT technicians, plugging USB drives into computers, copying sensitive files, and then demanding a ransom via a data-leak site.
