This week, the FBI issued an urgent advisory highlighting a growing threat specifically impacting U.S. law firms. The group behind these attacks is using highly convincing social engineering tactics to impersonate IT support — and it is working.
At KaufmanIT, we want not only each of the nearly 40 law firms we serve to understand what’s happening, but also firms everywhere to know what to watch for right now.
The Big Picture
This isn’t traditional ransomware.
Instead of locking your systems, attackers are:
- Gaining access quickly
- Stealing sensitive data
- Extorting firms by threatening to publish it
They are targeting law firms because of the high-value, confidential data you manage every day.
What Makes This Threat Different
The attackers — often referred to as the Silent Ransom Group — are relying on people, not malware, to break in.
Here’s how they’re getting in:
- Posing as your IT team
  - Calling employees directly or sending emails pretending to be IT support
- Tricking users into granting remote access
  - Asking employees to launch remote desktop sessions or install support tools
- Escalating to physical access
  - In some cases, showing up in person claiming they need to “fix” or “backup” a system
- Using legitimate tools to avoid detection
  - Standard security tools may not flag the activity because nothing looks obviously malicious
Why This Is So Dangerous for Law Firms
- Minimal technical footprint — traditional antivirus often won’t catch it
- Rapid data theft — attackers move quickly once inside
- Client exposure risk — attackers may contact your clients directly
- Reputation damage — stolen data may be published or sold publicly
This is a trust-based attack — once an employee believes they’re working with IT, the defenses come down.
Critical Warning Signs to Watch For
Train your team to immediately flag and report:
- Unexpected calls from “IT support” asking for access
- Emails urging them to call a support number
- Requests to install or open remote access tools
- Someone attempting to access computers in person without prior confirmation
- Alerts or unusual activity tied to OneDrive, Google Drive or other file sharing platforms
- Notifications or messages claiming your data has been stolen
- Clients reporting suspicious outreach about your firm
Immediate Takeaways for Law Firms
- Trust nothing at face value
  Any IT request — especially urgent ones — should be verified through known, internal channels.
- Lock down how IT interacts with your team
  Your staff should know:
  - Who your IT provider is
  - How they communicate
  - What they will never ask them to do
- Train your team — now
  These attacks succeed because employees are caught off guard.
- Control physical access
  No one should ever access firm devices without proper identification and authorization.
- Strengthen core protections
  - Enforce multi-factor authentication
  - Limit remote access wherever possible
  - Maintain secure backups
Our Perspective at KaufmanIT
We’re urging all law firms — regardless of size — to take this advisory seriously.
This isn’t a hypothetical threat. It’s active, targeted and specifically designed to bypass the exact protections many firms rely on.
If your team doesn’t know how to respond to a fake IT call or email, your risk is significantly higher right now.
Final Thought
Cybersecurity is no longer just about technology — it’s about awareness, validation and process.
We’ll continue monitoring this threat closely. In the meantime, we strongly recommend sharing this alert with your entire team and reinforcing your internal IT verification policies.