Ransomware Group Silent Ransom Targets Law Firms with In‑Person Data Theft
What Happened — The FBI has issued a warning that the extortion gang Silent Ransom Group is physically entering law‑firm offices, stealing client data, and then leveraging that theft to demand ransomware payments. The actors combine on‑site theft with credential harvesting to gain persistent access to sensitive legal databases.
Why It Matters for TPRM
- Physical social‑engineering expands the attack surface beyond remote exploits, exposing a new vector for third‑party risk.
- Law firms store privileged client information (financial, health, IP) that, if exfiltrated, can cascade risk to multiple downstream organizations.
- The blend of theft and ransomware heightens the likelihood of data exposure, extortion, and reputational damage for any organization that relies on legal counsel.
Who Is Affected — Professional services – law firms and their corporate, financial, healthcare, and technology clients.
Recommended Actions —
- Review and tighten physical security controls for any third‑party legal service providers.
- Verify that vendors segment client data and enforce least‑privilege access.
- Require vendors to have documented incident‑response and ransomware‑mitigation plans.
- Conduct regular third‑party risk assessments that include on‑site security testing.
Technical Notes — Attack vector: in‑person social engineering combined with credential theft; possible deployment of malware after physical access. Data types targeted include client contracts, personally identifiable information, litigation files, and intellectual property. Source: Dark Reading