FBI Warns of Cybercrime Group Targeting Businesses
Imagine this: someone walks into your office, claiming to be from IT, and asks to sit down at your computer for a quick fix. Most employees might feel a bit relieved—finally, someone is there to sort out the tech issues. But this trust is exactly what a certain cybercrime group is exploiting.
The FBI has issued a warning about a group known as the Silent Ransom Group, which is particularly interested in U.S. companies, especially law firms. Initially, they try to convince staff to install remote access software. If that doesn’t work, they may take things a step further and show up in person.
This is where it gets pretty audacious. According to the FBI, these scammers can walk right into a workplace with flash drives, external hard drives, and other devices. Once they gain access to a workstation, they can copy sensitive files, expand their access, and leave behind harmful software.
Then they simply vanish. Companies may not hear from them again until a ransom demand arrives.
Understanding How the Scam Works
The Silent Ransom Group, which is also referred to as Luna Moth, Chatty Spider, and UNC3753, employs techniques like phone calls, phishing, and a bit of intimidation. Scams often start with a phone call where the caller pretends to be IT support and tries to persuade the employee to install remote desktop software. This software allows the attacker to access their computer.
If the employee doesn’t comply or if the phone call fails, the scammers might send a representative into the office. This individual portrays themselves as technical support, claiming they need to troubleshoot an issue or conduct a system update. While sitting at the computer, they can insert their USB drive or external hard drive, copy files, and quietly gain further access.
According to the FBI, once they have stolen data, they may blackmail their victims, threatening to sell sensitive information or make it public. They could also contact employees and clients to pressure the company into paying the ransom, which adds a personal touch to the attack and increases the fear and urgency.
Why Law Firms Are a Primary Target
Law firms hold a treasure trove of sensitive information—including client records, litigation details, contracts, financial information, and personal negotiations. This kind of data is incredibly valuable to criminals, even without needing to encrypt any computer.
The group’s focus seems to be on stealing data to leverage shame and pressure, making legal firms particularly appealing targets. However, the warning applies to any business dealing with sensitive records. Medical institutions, financial companies, insurance firms, and small businesses are all at risk. The attackers don’t need fancy hacking skills; they just need someone to let them sit in front of a computer.
Recognizing Fake IT Support
Most people picture hackers operating from a remote location, but this warning flips that idea. The threat can come in a seemingly harmless form—someone carrying a laptop bag and speaking calmly.
This makes it easy to overlook the fraud. Receptionists might think the individual has an appointment. Employees might assume the visitor is authorized, and busy managers might not give them a second look, assuming they know what they are doing. This confidence is part of the trick.
Signs of a Scam
Be cautious if someone shows up unexpectedly for IT work without proper authorization. Watch out for individuals who can’t provide verifiable ticket information or who want to use the computer unsupervised, especially if they bring their own drives.
Urgency is another red flag. Scammers often pressure employees to act without following usual procedures, claiming immediate attention is necessary. This rush tactic is designed to bypass normal safeguards.
Preventing Fake IT Support Scams
Fortunately, a few simple practices can deter these fake IT workers from entering your space or accessing sensitive files.
1) Verify All IT Visits
Do not allow someone to use your computer solely based on appearances. Call your known IT contact number, not one provided by the visitor, and confirm their identity and purpose.
2) Require Visible Approval for External Support
Set a rule that external technicians cannot access workstations without managerial or IT approval through established channels. This protects employees and allows them to pause a suspicious encounter without feeling impolite.
3) Regulate USB and External Storage Access
Limit USB drive access as much as possible. If external drives are unnecessary, block them entirely. If they are required, restrict access to authorized devices only. Scammers prefer removable drives for their speed in transferring data.
4) Educate Employees on Technical Support Scams
Security training should cover scams not just from emails but also in-person encounters. Employees should be empowered to say, “I need to check this first,” which can halt potential attacks.
5) Watch for Suspicious Remote Access Tools
The Silent Ransom Group often attempts to trick individuals into installing remote desktop programs. IT teams should monitor for unfamiliar remote access software and alert when it appears on computers where such tools should not exist.
6) Access Restriction for Sensitive Files
Ensure employees can only access files necessary for their roles. This limits the amount of sensitive data accessible if a computer is compromised.
7) Implement Logging and Monitoring
Organizations should track all device connections and file transfers to identify suspicious activity after unannounced visits.
8) Front Desk Security Protocols
Receptionists should have a checklist for unexpected visitors that includes photo ID and contact details. This helps manage who enters the office and prevents unauthorized movement.
9) Report Suspicious Impersonation Attempts
If someone poses as IT support, escalate the issue to management, IT, or local authorities. Reporting these occurrences helps connect dots for future cybercrime investigations.
10) Ensure Strong Security Software is Installed
Having reliable security software on office computers helps detect malware or other threats. It’s crucial that software supports rather than replaces the human element of security training and protocol enforcement.
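As an added example (not part of the FBI alert or the original article), the checks in items 3, 5 and 7 can be combined into one post-visit log review: unapproved USB storage, remote access tools on hosts where they are not expected, and bulk copies to removable drives. The log format, host names, drive serials, thresholds and tool watchlist are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample events; the "timestamp,host,event,detail" format is an assumption.
SAMPLE_LOG = """\
2025-06-02T09:58:11,WS-014,process_start,outlook.exe
2025-06-02T10:02:40,WS-014,usb_storage,serial=EXAMPLE-0001
2025-06-02T10:03:05,WS-014,file_copy,dest=E:\\ count=412
2025-06-02T10:05:52,WS-014,process_start,anydesk.exe
2025-06-02T10:20:00,WS-022,usb_storage,serial=APPROVED-7781
2025-06-02T11:15:30,HELPDESK-01,process_start,teamviewer.exe
"""

APPROVED_USB_SERIALS = {"APPROVED-7781"}          # assumption: IT-issued drives
# Illustrative remote desktop product names; the article names no specific tools.
REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe"}
REMOTE_TOOL_HOSTS = {"HELPDESK-01"}               # hosts where such tools are expected
BULK_COPY_THRESHOLD = 100                         # files per copy event (assumption)

def review_events(log_text, window_start, window_end):
    """Return (timestamp, host, reason) findings inside the review window."""
    findings = []
    for ts, host, event, detail in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if not (window_start <= when <= window_end):
            continue
        if event == "usb_storage":
            serial = detail.split("=", 1)[1]
            if serial not in APPROVED_USB_SERIALS:
                findings.append((ts, host, f"unapproved USB storage {serial}"))
        elif event == "process_start":
            if detail.lower() in REMOTE_TOOLS and host not in REMOTE_TOOL_HOSTS:
                findings.append((ts, host, f"unexpected remote access tool {detail}"))
        elif event == "file_copy":
            fields = dict(f.split("=", 1) for f in detail.split())
            if int(fields["count"]) >= BULK_COPY_THRESHOLD:
                findings.append((ts, host, f"bulk copy to {fields['dest']}"))
    return findings

if __name__ == "__main__":
    # Review the hours around an unannounced visit.
    start = datetime(2025, 6, 2, 9, 30)
    end = datetime(2025, 6, 2, 12, 0)
    for finding in review_events(SAMPLE_LOG, start, end):
        print(*finding, sep="  ")
```

In practice the review window would be set to the hours around the unannounced visit, and the events would come from whatever endpoint logging the organization already collects.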
Conclusion
What makes this FBI alert unsettling is how prevalent this type of attack is. There are no dramatic breaches; just individuals masquerading as helpers. It’s easy for these scams to blend into the normal workday, using trust and urgency to bypass defenses. So next time someone says they’re from IT, maybe take a moment before handing over the keyboard.
Do you feel uneasy about unexpected tech support visits at your workplace? Or do you assume they’ve been authorized? Feel free to share your thoughts.



