Google and the FBI warn of a ransom group using IT impersonation to steal data

币界网
Google and the FBI have warned of the Silent Ransom Group targeting U.S. law firms through IT impersonation. Active from January to May 2026, the group uses phishing, social engineering, and in-person access to steal sensitive data. Stolen files include contracts, tax records, and personal information, which are then used for ransom demands.
CoinDesk reports:

Google and the U.S. Federal Bureau of Investigation (FBI) have warned that a ransomware group called Silent Ransom Group is escalating its attacks against U.S. law firms. In addition to common phishing emails and social engineering tactics, the group has, in some cases, sent individuals posing as IT support staff to victims' offices to gain direct access to computers and steal data.

The attack escalated from remote spoofing to in-person contact.

Google's Mandiant and the Google Threat Intelligence Group stated in their latest report that, from January to May this year, the group targeted dozens of victims using methods that included gaining access through "in-person, face-to-face interactions."

Last month, the FBI also issued an alert stating that the group impersonates corporate IT support staff, using phone calls, emails, and other means to talk employees into following its instructions. In some cases, the impostors enter offices, connect to employees' devices, and transfer data using USB storage devices or remote access tools.

Target data includes contracts, tax information, and personal details.

According to disclosures by Google and the FBI, the stolen information included contract documents, Social Security numbers, and other personally identifying information, as well as financial and tax records. This data was subsequently used in ransom demands.

Unlike traditional ransomware, this type of attack does not necessarily encrypt the victim’s systems. The group more commonly steals data first and then threatens to publicly leak it unless the victim pays.

  • Attack period: January to May 2026
  • Primary target: U.S. law firms and other institutions
  • Common tactics: Impersonating IT support, screen sharing, USB theft, remote takeover

Exploiting trust under the guise of "security issues" to carry out theft

Google states that attackers typically contact employees under the pretense of handling security incidents or assisting with corporate data migrations, tricking them into joining screen-sharing sessions. The attackers then persuade victims to download and open screen-sharing software, or directly exploit built-in features in applications like Zoom or Microsoft Teams to gain control.

Google stated that such cases demonstrate that some hackers are combining traditional cyberattacks with physical contact in real-world scenarios, making it harder for businesses to defend themselves. Organizations that rely on external IT support and have weak internal verification processes are particularly vulnerable to these impersonation attacks.
