
A hacking group called the Silent Ransom Group (SRG) is walking into U.S. offices, posing as IT support staff to steal company data. The FBI issued a flash warning yesterday about the group, which has been targeting law firms since 2023 and has been known to go after other businesses with confidential files worth stealing, including those in insurance, finance, and healthcare.
The attack starts remotely with a call or email that looks like it's coming from your own IT department, warning about a security issue and asking you to contact support. It isn't IT. Once you're on the phone, the attacker talks you through handing over remote desktop access to your computer.
If that fails, the group takes the highly unusual step of sending a hacking team member in person to your office. That person, posing as a member of your company's IT support, explains that they need to plug in a USB drive to image your computer or create a backup due to the security issue you were just contacted about. Once the attacker gets access to your physical PC, they can quietly copy company files to file-sharing platforms, like Google Drive or Microsoft OneDrive, or may simply copy the files onto a USB drive or external hard drive.
After your data is exfiltrated, the extortion begins. The group threatens to post your company's stolen files publicly or sell the data. In some cases, they have contacted victims' clients to increase the pressure to pay a ransom.
The FBI notes that traditional antivirus products are unlikely to flag these attacks because SRG uses legitimate remote access tools such as Zoho Assist, Quick Assist, AnyDesk, RustDesk, Syncro, Splashtop, and Atera. Instead, you should follow basic security procedures, including verifying the credentials of anyone attempting to access your computer and knowing your company's policy for how IT communicates and authenticates itself to employees.
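Because these tools are legitimate software, one practical control is an allowlist check on process-creation logs rather than malware detection. The sketch below is an added example, not part of the FBI notice or this article: the match keywords, the Sysmon-style field names, the sample events, and the approved list are all assumptions to adapt to your own environment.

```python
import json
import re

# Tools named in the FBI notice. Keywords are assumptions derived from the
# product names; real binary names and paths vary, so tune them per fleet.
RMM_KEYWORDS = {
    "Zoho Assist": "zohoassist",
    "Quick Assist": "quickassist",
    "AnyDesk": "anydesk",
    "RustDesk": "rustdesk",
    "Syncro": "syncro",
    "Splashtop": "splashtop",
    "Atera": "atera",
}

def identify_tool(event):
    """Return the listed tool a process event belongs to, or None."""
    text = f"{event.get('Image', '')} {event.get('Product', '')}".lower()
    tokens = re.findall(r"[a-z0-9]+", text)
    # Adjacent pairs catch names split by a space, e.g. "Quick Assist".
    candidates = tokens + [a + b for a, b in zip(tokens, tokens[1:])]
    for tool, keyword in RMM_KEYWORDS.items():
        # Prefix match on tokens avoids hits inside words like "lateral".
        if any(c.startswith(keyword) for c in candidates):
            return tool
    return None

def unapproved_rmm_launches(log_lines, approved):
    """Return (host, user, tool) for listed tools not on the approved list."""
    alerts = []
    for line in log_lines:
        event = json.loads(line)
        tool = identify_tool(event)
        if tool and tool not in approved:
            alerts.append((event["Computer"], event["User"], tool))
    return alerts

# Constructed sample events; field names modeled on Sysmon process-creation logs.
SAMPLE_LOG = [
    r'{"Computer": "LAW-WS-014", "User": "jdoe", "Image": "C:\\Users\\jdoe\\Downloads\\AnyDesk.exe", "Product": "AnyDesk"}',
    r'{"Computer": "LAW-WS-014", "User": "jdoe", "Image": "C:\\Program Files\\Splashtop\\streamer.exe", "Product": "Splashtop Streamer"}',
    r'{"Computer": "LAW-WS-022", "User": "asmith", "Image": "C:\\Temp\\support.exe", "Product": "Zoho Assist"}',
    r'{"Computer": "LAW-WS-031", "User": "blee", "Image": "C:\\Tools\\LateralReport.exe", "Product": "Collateral Tracker"}',
]
APPROVED = {"Splashtop"}  # hypothetical: the only tool this org's IT uses

if __name__ == "__main__":
    for alert in unapproved_rmm_launches(SAMPLE_LOG, APPROVED):
        print(alert)
```

An alert here means a remote access tool ran that your IT department does not use, which is the cue to verify the session with IT through a known-good channel.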
If you suspect your company has been a target of these attacks, the FBI is requesting that you report any suspicious activity to the FBI's Internet Crime Complaint Center.