The Silent Ransom Group (SRG), a ransomware actor, is increasingly targeting law firms using social engineering tactics, including impersonating IT personnel to gain access to sensitive data. The FBI has warned about their methods, which include phishing and, in some cases, physical presence at the victim's location. SRG, which has been active since 2022, is known for data theft extortion, in which the group threatens to leak stolen data publicly.
The legal sector is particularly appealing to these actors due to the sensitive nature of client information. Key recommendations to mitigate these threats include verifying individuals entering company premises, training staff on phishing detection, and implementing multifactor authentication.