Another FBI Alert: The Legal Industry Continues To Be Targeted By Ransomware

Basic cybersecurity hygiene goes a long way to help prevent these types of attacks and is something law firms should already be doing. The post Another FBI Alert: The Legal Industry Continues To Be Targeted By Ransomware appeared first on Above the Law.

Jun 4, 2025 - 00:45

Ed. note: This is the latest in the article series, Cybersecurity: Tips From the Trenches, by our friends at Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services.

Just before the busy Memorial Day holiday, the FBI released a new cyber alert regarding ransomware and the targeting of law firms. Unfortunately, with staff leaving early or already out on vacation, many law firms likely missed this alert. When the FBI releases an information memo regarding a specific cyberthreat, it’s worth taking notice.

A cybercriminal group named Silent Ransom Group (SRG) is targeting law firms. It uses social engineering calls and callback phishing emails to gain remote access to systems or devices, steal sensitive information, and extort the victims. All the efforts use Information Technology (IT) themes and content to trick their potential victims. SRG is no stranger to law firms, as it has specifically targeted the legal industry since the Spring of 2023, given the valuable and highly sensitive nature of legal industry data.

Specifically, the callback phishing emails spoof well-recognized businesses that offer subscription plans. A callback phishing email is a phishing attack that uses social engineering to trick victims into calling a phone number provided in the email. Once the victim calls, they are typically asked to verify sensitive information or provide payment details, leading to potential identity theft or fraud. These emails often bypass email filters because they don’t contain malicious links or attachments.

These emails reportedly claim to charge only a small subscription fee for the service, since a small amount is less likely to make the recipient suspicious. The victim is then instructed to call the threat actor to cancel the fake subscription and is required to download and install remote access software, giving the attacker access to their device. Once access is established, the attacker seeks to steal valuable information before sending a ransom notice to the victim, threatening to share the information if the ransom is unpaid.

What’s new about this group’s tactics is that they have been observed calling potential victims posing as employees from their company’s IT department, requesting remote access to the device so they can perform some work that needs to be done overnight. They have also been documented calling other employees at a victim’s company to pressure them into making the ransom payment. They are relentless in their steps to demand and obtain the ransom payment.

Over time, the attackers have changed the tools they use to carry out the attacks, focusing on legitimate system management and remote access tools to evade detection by traditional antivirus products. Some of the indicators of compromise may include voicemails and phone calls from a group claiming data was stolen, and emails regarding subscription services that provide a phone number and require a call to remove pending renewal charges. Others have reported receiving unsolicited phone calls from individuals claiming to work in their IT department.
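The email traits described above (a subscription or renewal theme, a phone number, an instruction to call to cancel a charge, and no links or attachments for a filter to inspect) can be checked together in a mail-triage script. The sketch below is an added example, not code from the FBI alert or from the authors; the patterns, the all-four threshold, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Patterns and the all-four threshold are illustrative assumptions, not FBI guidance.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://|www\.", re.I)
BILLING_RE = re.compile(r"\b(subscription|renew\w*|charge[ds]?|invoice)\b", re.I)
_CALL, _UNDO = r"\b(call|dial|phone)\b", r"\b(cancel|refund|dispute|remove)\b"
# "call ... to cancel" or "to cancel ... call", within 80 characters of each other.
CALL_RE = re.compile(f"{_CALL}.{{0,80}}{_UNDO}|{_UNDO}.{{0,80}}{_CALL}", re.I | re.S)

def callback_phish_signals(raw):
    """Return the callback-phishing traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    has_attachment = any(
        part.get_content_disposition() == "attachment" for part in msg.walk())
    signals = []
    if PHONE_RE.search(text):
        signals.append("phone_number")
    if BILLING_RE.search(text):
        signals.append("billing_theme")
    if CALL_RE.search(text):
        signals.append("call_to_cancel")
    # No URL and no attachment: nothing for link or attachment scanning to flag.
    if not URL_RE.search(text) and not has_attachment:
        signals.append("no_links_or_attachments")
    return signals

def is_suspected_callback_phish(raw):
    """Flag for human review only when all four traits appear together."""
    return len(callback_phish_signals(raw)) == 4

# Constructed sample messages (not real mail).
SAMPLE_CALLBACK = ('From: "Billing Dept" <billing@example.test>\n'
                   "Subject: Your subscription renewal\n\n"
                   "Your annual plan has been renewed and $49.99 will be charged today.\n"
                   "To cancel or dispute this charge, call (800) 555-0199 within 24 hours.\n")
SAMPLE_RECEIPT = ('From: "Acme Store" <receipts@example.test>\n'
                  "Subject: Your receipt\n\n"
                  "Thanks for your order. View your invoice at https://example.test/orders/123\n")
SAMPLE_HELPDESK = ('From: "Help Desk" <helpdesk@example.test>\n'
                   "Subject: Printer maintenance\n\n"
                   "Call the help desk at (800) 555-0142 if the printer fails.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_CALLBACK", "SAMPLE_RECEIPT", "SAMPLE_HELPDESK"):
        print(name, callback_phish_signals(globals()[name]))
```

A hit is a reason to route the message to a person for review, not a verdict; legitimate billing notices can share some of these traits.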

The FBI’s recommendations to combat these types of attacks include conducting staff training on resisting and detecting phishing attempts, developing processes surrounding when and how a company’s IT vendor or internal technical staff will authenticate themselves to employees, maintaining regular off-site backups of company data, and enabling multi-factor authentication everywhere you can. Basic cybersecurity hygiene goes a long way to help prevent these types of attacks and is something law firms should already be doing.

Cybercriminals will continue to target law firms, given the sensitive information they keep and the deeper pockets to pay ransoms. Keeping your staff educated and your cybersecurity posture current with today’s best practices should allow your firm to operate with a reduced risk of falling victim to these cyberattacks, enabling you to focus on what you do best: the practice of law.


Michael C. Maschke is the President and Chief Executive Officer of Sensei Enterprises, Inc. Mr. Maschke is an EnCase Certified Examiner (EnCE), a Certified Computer Examiner (CCE #744), an AccessData Certified Examiner (ACE), a Certified Ethical Hacker (CEH), and a Certified Information Systems Security Professional (CISSP). He is a frequent speaker on IT, cybersecurity, and digital forensics, and he has co-authored 14 books published by the American Bar Association. He can be reached at mmaschke@senseient.com.

Sharon D. Nelson is the co-founder of and consultant to Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA. She can be reached at snelson@senseient.com.

John W. Simek is the co-founder of and consultant to Sensei Enterprises, Inc. He holds multiple technical certifications and is a nationally known digital forensics expert. He is a co-author of 18 books published by the American Bar Association. He can be reached at jsimek@senseient.com.
