Earlier this year, the FBI released a new cyber alert regarding a ransomware threat by SRG targeting law firms which uses social engineering calls and callback phishing emails to gain remote access to law firm systems and devices. Typically, the phishing emails spoof well-recognized businesses that offer subscription plans. The SRG emails advise the person that they are going to be charged a small subscription fee. In order to prevent the fee or cancel the fake subscription, the email instructs the person to call the number in the email. Once the person calls, the threat actor sends a link to “cancel.”  The link then downloads remote access software giving the threat actor access to the person’s device or system.  

Newer tactics by SRG include a threat actor who calls posing as a company employee from the IT department asking the person to join a remote access…