HomeIntelligenceBrief
BREACH BRIEF🟠 High Advisory

Silent Ransom Group Targets U.S. Law Firms with Phishing, Fake IT Calls, and In‑Person Visits for Data Theft and Extortion

The FBI warns that the Silent Ransom Group, a successor to the Conti ransomware gang, is intensifying social‑engineering campaigns against U.S. law firms. Attackers use phishing, spoofed IT‑support calls, and on‑site visits to gain remote access and exfiltrate confidential client data, then threaten extortion. This creates a high‑risk supply‑chain threat for any organization that relies on legal counsel.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 therecord.media
🟠
Severity
High
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
therecord.media

Silent Ransom Group Targets U.S. Law Firms with Phishing, Fake IT Calls, and In‑Person Visits for Data Theft and Extortion

What Happened — The FBI disclosed that the Silent Ransom Group (SRG), an offshoot of the defunct Conti ransomware syndicate, is intensifying attacks on U.S. law firms. The campaign blends phishing emails, spoofed IT‑support phone calls, and even on‑site visits to persuade employees to grant remote‑desktop access, then exfiltrates files via legitimate cloud services.

Why It Matters for TPRM

  • Law firms hold confidential client, financial, and corporate data that can be weaponized against their clients.
  • The use of trusted remote‑admin tools and cloud storage makes detection difficult, increasing supply‑chain exposure.
  • Successful extortion can lead to public data leaks, reputational damage, and downstream legal liability for client organizations.

Who Is Affected — Legal services (law firms) and, by extension, their corporate clients; also healthcare, insurance, and financial institutions that rely on legal counsel.

Recommended Actions

  • Review contracts and security clauses with law‑firm vendors; require evidence of robust remote‑access controls.
  • Enforce multi‑factor authentication and least‑privilege for any external support interactions.
  • Conduct phishing‑resilience training focused on spoofed IT‑support scenarios.
  • Monitor cloud storage traffic for anomalous uploads from privileged accounts.

Technical Notes — Attack vector: phishing, social engineering, and physical “IT‑support” impersonation. No specific CVE cited. Data exfiltrated via Google Drive, Microsoft OneDrive, and other legitimate cloud platforms. Source: The Record

📰 Original Source
https://therecord.media/fbi-warns-hackers-visit-law-firms-to-steal-data

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

A privacy incident is a question about your consent record.

CookiePLUS and Verisq AI Trust Operations keep consent, DSAR, and data-handling evidence continuously ready — so a data-exposure event finds you prepared, not scrambling.

See how Verisq AI Trust Operations handles privacy →