Silent Ransom Group Targeting Law Firms: FBI Warns of Increasing Threat

The Federal Bureau of Investigation (FBI) has issued a warning about the growing threat posed by the Silent Ransom Group, also known as Luna Moth, Chatty Spider, and UNC3753. This cybercrime organization has been targeting U.S.-based law firms for over two years, using sophisticated tactics such as callback phishing and social engineering to gain unauthorized access to their systems and steal sensitive data.

The FBI warns that the Silent Ransom Group's modus operandi involves making IT-themed social engineering calls to trick employees into granting remote access to their devices. Once inside, the attackers use tools like WinSCP or Rclone to exfiltrate data without needing administrative privileges. This new tactic has been highly effective, leading to multiple successful breaches.

After gaining remote access by posing as IT staff over the phone, the group threatens victims with ransom emails and calls, urging them to negotiate. It also uses data leak sites to extort victims, although it has been known to use these sites inconsistently.

One of the most concerning aspects of the Silent Ransom Group's tactics is their ability to evade antivirus detection by using legitimate remote access tools. Their campaigns often leave minimal traces and can be difficult to detect.

The FBI has identified several indicators of Silent Ransom Group activity, including unauthorized downloads of tools like Zoho Assist or AnyDesk, external WinSCP/Rclone connections, ransom emails or calls from unnamed groups, and phishing emails about subscriptions urging recipients to call a number to cancel charges.
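The following added example (not from the FBI advisory or the original article) shows how two of these indicators can be correlated: an unsanctioned remote access tool followed by a WinSCP or Rclone connection to an external address on the same host. The event record fields, hostnames, path fragments and internal address ranges are assumptions, and the sample events are constructed.

```python
import ipaddress

# Name fragments matched against the process image path (assumed; tune locally).
REMOTE_ACCESS = ("anydesk", "zoho")   # remote access tools named in the indicators
TRANSFER = ("winscp", "rclone")       # transfer tools named in the indicators
APPROVED_HOSTS = set()                # hosts where IT has sanctioned remote access tools
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    """True when the destination is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def triage(events):
    """Return (host, severity, reason) findings in time order."""
    findings, flagged = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        image, host = ev["image"].lower(), ev["host"]
        if ev["type"] == "process" and any(t in image for t in REMOTE_ACCESS):
            if host not in APPROVED_HOSTS:
                flagged.add(host)
                findings.append((host, "medium", "unsanctioned remote access tool"))
        elif ev["type"] == "network" and any(t in image for t in TRANSFER):
            if is_external(ev["dest_ip"]):
                # Escalate when the same host already ran a remote access tool.
                sev = "high" if host in flagged else "medium"
                findings.append((host, sev, "external file transfer"))
    return findings

# Constructed sample events (simplified process and network records).
SAMPLE = [
    {"ts": 1, "host": "WS-LEGAL-07", "type": "process",
     "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe"},
    {"ts": 2, "host": "WS-LEGAL-07", "type": "network",
     "image": r"C:\Users\jdoe\AppData\Local\Temp\rclone.exe",
     "dest_ip": "203.0.113.25"},
    {"ts": 3, "host": "WS-IT-01", "type": "network",
     "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "dest_ip": "10.20.0.8"},
    {"ts": 4, "host": "WS-ACCT-03", "type": "network",
     "image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe",
     "dest_ip": "198.51.100.7"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The internal WinSCP connection on WS-IT-01 produces no finding, while the Rclone transfer on WS-LEGAL-07 is raised to high because it follows an unsanctioned AnyDesk execution on the same host.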

Prevention is Key: Follow the FBI's Advice

The FBI has offered some simple yet effective advice for law firms looking to avoid falling victim to the Silent Ransom Group's tactics. "Implement basic cyber hygiene," the report concludes, including being suspicious of unsolicited calls and emails, using robust passwords and multifactor authentication, and installing antivirus tools.

By staying informed and taking proactive steps to protect themselves, law firms can reduce their risk of falling victim to this growing threat.