FBI Warning: IT Personnel Impersonated by Cybercriminals

The FBI warns that Silent Ransom Group (SRG) is targeting law firms with social engineering tactics, impersonating IT support in order to access a target’s computer and exfiltrate data.
These social engineering attempts predominantly occur via phishing emails and phone calls. To establish access, the malicious actors leverage legitimate remote access tools or even send an individual in person to the target’s company location to gain physical access to a computer.
Nick Tausek, Lead Security Automation Architect at Swimlane, states, “The shift in attack strategy says a lot about where extortion is heading. It’s no longer just about breaking in through malware or locking systems with ransomware. The group is leaning into trust by posing as IT support, walking employees through remote access, then moving quickly to steal data before anyone realizes something is wrong.”
While the group has targeted entities across sectors such as healthcare, insurance and finance, U.S. law firms have been consistently targeted since 2023.
The risk to law firms is significant, Tausek explains, since the data they store is highly sensitive.
“These environments hold sensitive client records, privileged communications, financial details, and case information,” he states. “If that data is stolen, the damage does not stop at the victim organization. Clients can be pressured, legal strategies can be exposed, and employees can become targets for follow-up scams.”
SRG has been active since at least 2022, engaging in data theft and extortion without dependence on traditional ransomware encryption. Other names SRG may be known by include:
- Luna Moth
- Chatty Spider
- UNC3753
Unlike most ransomware groups, SRG gains access to systems rapidly and exfiltrates data immediately.
“The hardest part is that much of this activity can look normal at first glance,” Tausek warns. “Legitimate tools do not always trigger alarms. Security teams need faster ways to connect unusual behavior across users, devices, cloud storage, and remote access sessions. When attackers are moving this quickly, delayed detection gives them the advantage.”






