- The FBI and cybersecurity investigators suspect that the Silent Ransom Group, which hails from Russia, employs people living in the United States to do its dirty work.
- These recruits enter law firms physically by pretending to be IT staff and, once there, connect USB devices to computers in the office.
- Authorities are keeping track of the group’s activities through its blockchain transactions and physical evidence.

Law enforcement strongly suspects that the Silent Ransom Group is expanding the way it carries out cybercrime operations.
The group is paying people residing in the United States to visit its targets’ offices in person, in this case major law firms, say the FBI and cybersecurity investigators. It sends individuals who pose as IT support staff and whose job is to plug USB devices into office computers.
Investigators believe the actors are using this tactic to bypass cybersecurity protections that make the firms hard to breach remotely. By succeeding in this type of infiltration, they also aim to strengthen their position in ransom negotiations that run into millions of dollars.
The FBI said it has already identified many physical access attempts by these criminals across the US, and it is continuing to investigate the broader cyber extortion activities the group is carrying out.
An Incident of Infiltration Attempt
The bad actors attempted a physical breach in April. That day, an executive at a US law firm got an urgent phone call from a person who claimed to be from the firm’s IT department.
The caller told the executive that a computer virus was spreading fast through the firm’s network and that attempts to repair it remotely had failed. The only way left to stop the virus, the caller said, was to access the executive’s computer in person.
The executive actually agreed. Suspicion arose the next day when the receptionist reported an IT employee waiting at the front desk.
According to Leeann Nicolo, this check-in seemed unusual. This made the lawyer suspect that something was wrong. Nicolo is an executive who is in charge of handling incident response for Coalition, a cybersecurity insurance firm, which the law firm employed to investigate this attack.
IT staff typically don’t sign in with the receptionist before entering the office. When the lawyer came out to see the person, the bad actor ran away from the building. The FBI and private investigators linked the incident to the Silent Ransom Group’s known tactics.
Law enforcement agents therefore believe the group has hired people currently living in the US to enter top law firms and connect USB drives to computers on its target list.
A cybersecurity professional familiar with the investigation told CNN that the group uses a very private Telegram channel to offer $500 to individuals who want to work for it.
These individuals go in person to plug the USB device into the computers on the group’s behalf, so that it can succeed in its larger ransomware hits.
Investigators Link Physical Tactics to Broader Ransom Campaign
Investigators say the group now uses attempted break-ins, fake phone calls and extortion letters sent by mail. All of this is meant to gain access to sensitive client data and to increase pressure when ransom demands are made.
The group’s ability to operate relies on the dark web infrastructure that supports their activities, an infrastructure that law enforcement is increasingly targeting, as seen in the Dutch police shutdown of a criminal host used for dark web operations.
Investigators believe the group uses physical access to overcome cybersecurity protections that stop it from carrying out remote attacks. It also helps the group gather more sensitive client information to make its ransom negotiations successful at all costs.
According to a cybersecurity executive who is usually present where ransom payments take place, this group of bad actors has extorted at least $100 million from law firms over the past six months.
Other sources familiar with the way the group operates told CNN that their own estimates put the total it has extorted at at least tens of millions of dollars. CNN also learned of another incident in which a man posed as IT support at a different law firm.
While there, he spoke Russian through smart glasses. Investigators believe it helped the cybercriminals to monitor the activity inside the office from their location.
At the same time, another member of the group allegedly called the lawyer they were targeting. The caller, posing as a FedEx dispatcher, wanted to lure the lawyer away from the desk.
The intruder did succeed in inserting a USB device, but the firm’s cybersecurity systems blocked the attack before the thieves could succeed.
FBI Investigation Expands as Hackers Combine Cyber and Physical Threats
According to the FBI, the Silent Ransom Group is the only known data extortion group using this tactic. The agency also added that investigators have caught many of these attempted intrusions in cities across the United States.
The bureau is currently monitoring the group’s footprints. It is following cryptocurrency payments on the blockchain while also examining the physical evidence gathered from the in-person operations.
Cybersecurity experts said the members of the group likely have links to the former Conti ransomware gang. This gang’s internal communications went public in 2022 after Russia invaded Ukraine.
According to Nicolo, at least two law firms received extortion letters demanding cryptocurrency or cash payments over the past year. Notably, the envelopes were all mailed from empty office addresses in Washington, DC, & Boston. Forensic evidence links the Silent Ransom Group to at least one breach, despite another group’s signature.