Home / Technology / Fake IT Workers Steal Data Directly From Law Firms
Fake IT Workers Steal Data Directly From Law Firms
5 Jun
Summary
- Ransomware gangs now send fake IT staff to victim offices.
- Imposters use USB drives or remote access to steal sensitive data.
- This tactic bypasses traditional cybersecurity measures for data theft.
A concerning escalation in ransomware tactics has emerged, with cybercriminal gangs now deploying fake IT workers to infiltrate victim organizations physically. These imposters gain direct access to offices, where they utilize USB drives or establish remote connections to exfiltrate sensitive data. The Silent Ransom Group, identified by Google and the FBI, has been targeting law firms with this method between January and May of this year.
This new approach bypasses conventional cybersecurity measures. Instead of solely relying on phishing or social engineering, these attackers introduce a physical dimension to their schemes. Once inside, they can directly access computers to steal information such as contracts, personal identification, and financial documents. The stolen data is then used for extortion on the gang's own leak sites.
While traditional methods like phishing emails and social engineering remain in use, the willingness of groups like the Silent Ransom Group to blend physical intrusion with digital attacks marks a significant evolution in cybercrime. This strategy underscores a growing trend of hackers taking bolder steps to circumvent security controls and increase pressure on victims to pay ransoms.
