Silent Ransom Group Targets U.S. Law Firms with Phishing, Fake IT Calls, and In‑Person Visits for Data Theft and Extortion
What Happened — The FBI disclosed that the Silent Ransom Group (SRG), an offshoot of the defunct Conti ransomware syndicate, is intensifying attacks on U.S. law firms. The campaign blends phishing emails, spoofed IT‑support phone calls, and even on‑site visits to persuade employees to grant remote‑desktop access, then exfiltrates files via legitimate cloud services.
Why It Matters for TPRM —
- Law firms hold confidential client, financial, and corporate data that can be weaponized against their clients.
- The use of trusted remote‑admin tools and cloud storage makes detection difficult, increasing supply‑chain exposure.
- Successful extortion can lead to public data leaks, reputational damage, and downstream legal liability for client organizations.
Who Is Affected — Legal services (law firms) and, by extension, their corporate clients; also healthcare, insurance, and financial institutions that rely on legal counsel.
Recommended Actions —
- Review contracts and security clauses with law‑firm vendors; require evidence of robust remote‑access controls.
- Enforce multi‑factor authentication and least‑privilege for any external support interactions.
- Conduct phishing‑resilience training focused on spoofed IT‑support scenarios.
- Monitor cloud storage traffic for anomalous uploads from privileged accounts.
Technical Notes — Attack vector: phishing, social engineering, and physical “IT‑support” impersonation. No specific CVE cited. Data exfiltrated via Google Drive, Microsoft OneDrive, and other legitimate cloud platforms. Source: The Record