For years, cybersecurity experts have warned organizations about the growing threat of ransomware attacks. Initially, these attacks focused mainly on encrypting files and demanding payment for restoring access.
Over time, cybercriminals evolved their tactics into what became known as “double extortion” and “triple extortion” attacks. In these methods, hackers not only encrypt sensitive data but also steal it before demanding ransom payments. If victims refuse to pay, the stolen information is either leaked publicly or sold on dark web marketplaces for financial gain.
Now, according to a recent warning issued by the FBI, ransomware groups are adopting an even more alarming strategy. The FBI’s Internet Crime Complaint Center (IC3) has revealed that certain cybercriminal groups are reportedly sending individuals directly to targeted organizations to physically steal data while posing as legitimate IT professionals.
The warning specifically highlights the activities of a cybercrime group known as “The Silent Ransom Group” (SRG), also referred to by cybersecurity researchers as Luna Moth, Chatty Spider, or UNC3753. Investigators say the group has been actively targeting law firms since 2022 and significantly increased its operations during the spring of 2023.
Law firms have become attractive targets for ransomware gangs because they store highly confidential legal, financial, and client-related information. According to industry reports, law firms rank among the most frequently attacked sectors by ransomware operators. The Silent Ransom Group appears to exploit this vulnerability through advanced social engineering tactics.
The attackers typically begin by contacting employees through emails, phone calls, or SMS messages while pretending to be technical support staff or customer service representatives. Once trust is established, they convince employees to provide remote access to company systems or share sensitive credentials. This allows the attackers to infiltrate the business network, steal valuable information, and later issue ransom demands.
However, the FBI warns that the group’s tactics are becoming far more aggressive. In situations where remote access attempts fail, members of the group have allegedly convinced employees to allow someone posing as an IT technician to visit the office physically. These individuals reportedly attempt to gain access to server rooms or internal systems and use devices such as USB drives to install malicious software, steal data, or enable unauthorized file transfers.
While social engineering attacks themselves are not new, the idea of cyber-criminals physically visiting organizations to carry out ransomware-related activities marks a concerning evolution in cyber-crime tactics. Security experts believe this demonstrates how ransomware gangs are becoming increasingly sophisticated and determined to bypass traditional cybersecurity defenses.
The FBI is urging organizations to remain vigilant, train employees to verify identities carefully, and strengthen physical as well as digital security measures. Companies are also advised to restrict unauthorized access to sensitive areas, monitor unusual activity, and educate staff about the risks associated with impersonation-based attacks.
As cyber threats continue to evolve, businesses must recognize that modern ransomware attacks are no longer confined to the digital world alone.
Join our LinkedIn group Information Security Community!
