Cybersecurity

The Wolves Figured Out Shoes: Silent Ransom Group Is Just Calling You Now

NeglectedSheep

2 min read
Share
The Wolves Figured Out Shoes: Silent Ransom Group Is Just Calling You Now

Oh good. They're on the phone now.

I've spent the better part of a decade telling the flock to stop clicking fake grain emails. I've sat through seventeen security awareness trainings that nobody attended. I've built electric fences so layered they'd make a network engineer weep with joy. And the wolves? They just picked up the phone.

The FBI, bless their hearts, finally got around to warning us that Silent Ransom Group is targeting law firms specifically. Not with some exotic hole in the fence. Not with fleas smuggled in through a compromised dependency chain. No. They are calling law firm employees, pretending to be IT support, and sweet-talking their way directly into servers and databases.

Social engineering. In the year of our pasture, 2025.

The lambs at these firms are apparently handing over credentials to anyone who sounds confident and mentions a "ticket number." I would be furious if I wasn't so profoundly unsurprised.

Law firms are a dream target, by the way. Privileged client data, confidentiality pressures that make victims reluctant to report, and, no offense, a flock that is extremely good at arguing but not particularly suspicious of a stranger asking for their login. The wolves know this. The wolves have spreadsheets about this.

Silent Ransom Group has been at it since at least 2022, spun out of the old Luna Moth operation. They skip the parasites entirely. No malware, no ticks, no fleas. Just a voice and a sense of urgency. They get in, they grab everything worth grabbing, and then they threaten to release it unless you pay up.

The shepherds are going to ask for a one-page summary of this threat. I'm going to need more coffee.

Remediation

Look, I'm tired, but here's what you actually do:

Verify before you comply. Any call requesting credentials or remote access gets hung up on and called back through a number you looked up. Not the one they gave you.

Callback verification policies. Write it down. Make it mandatory. Yes, even for the senior partners who think the rules are decorative.

Privileged access reviews. Who has access to your databases? Do you actually know? Go check. I'll wait.

Employee awareness training that people attend. I know. I know. But specifically train for voice-based lures, not just fake grain emails. The wolves adapted. So should the curriculum.

Incident response contacts ready. The FBI IC3 is the place to report this. Have the number somewhere that isn't locked inside the compromised system.

Apparently we're doing this now, fighting crime with phone etiquette. Fantastic.

Stay suspicious out there, the wolves have unlimited minutes.

Original Report: https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data