Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person

A notorious ransomware group has ramped up its tactics, targeting law firms by deploying imposters who pose as IT workers. These fake technicians are sent directly to the victims' offices, where they can access computers and steal sensitive data using USB drives or assist accomplices in gaining remote access. This alarming trend was highlighted in a recent report from Google's cybersecurity teams, including Mandiant and the Google Threat Intelligence Group. The report identifies the group behind these brazen attacks as the Silent Ransom Group, which conducted operations from January to May of this year, affecting numerous victims. Mandiant's Chief Technology Officer, Charles Carmakal, noted, "We've investigated cases where adversaries have infiltrated organizations by planting insiders or bribing employees to facilitate these sophisticated cyberattacks." In addition to sending fake IT support personnel, the FBI issued a warning last month about the group's use of social engineering and phishing tactics, where they impersonate IT employees to gain trust and access. In some instances, the imposters have successfully connected to employees' computers, allowing them to exfiltrate sensitive information, including contracts, Social Security numbers, and financial records. An FBI spokesperson confirmed that there have been multiple reports of individuals impersonating IT support to gain physical access to victim companies. This marks a shift from traditional ransomware methods that typically involve encrypting data; instead, the Silent Ransom Group has established its own leak site to threaten victims with the publication of stolen data if ransom demands are not met. Victims have received alarming messages from the hackers, stating that if their demands are ignored, they will notify employees, partners, and customers before making the stolen data public. Google's report also points out that the criminals employ more conventional methods, such as phishing emails and follow-up phone calls, to manipulate victims into granting access to their systems. By disguising their intentions as IT support, they effectively build trust and lead targets to screen-sharing sessions that allow them to bypass security measures. This evolving strategy highlights a concerning trend in cybercrime, as hackers are now blending traditional techniques with physical infiltration, representing a significant escalation in their methods. As these tactics continue to develop, vigilance is crucial for organizations to protect themselves from these sophisticated threats.