FBI Warns Extortion Hackers Are Targeting U.S. Law Firms to Steal Data

The FBI has warned that Silent Ransom Group, a cyber extortion crew linked to the former Conti ransomware syndicate, is intensifying attacks on U.S. law firms through phishing, fake IT support calls, and occasional in-person visits aimed at stealing sensitive data. Unlike traditional ransomware gangs that encrypt files, SRG focuses on data theft and extortion, threatening to leak or sell stolen information unless victims pay. The group has been targeting U.S. law firms since 2023, according to the bureau, and continues to rely on social engineering to gain access to corporate systems.
In its latest public advisory, issued Tuesday, the FBI said the group, also tracked as Luna Moth, Chatty Spider and UNC3753, has been using multiple tactics this spring to trick employees into handing over remote desktop access. Victims may receive phone calls or phishing emails that appear to come from internal IT staff or a help desk. Once contact is made, attackers persuade workers to approve remote access tools, giving them a fast path into company networks and allowing them to steal files and other sensitive data.
The FBI also said the group may escalate by sending an individual to a victim’s office if remote attempts fail. That person may claim to be there to create a backup or image a device as part of a supposed security response, then use external storage devices to copy data onto hard drives or USB drives. The bureau said these tactics can be difficult to spot because SRG often uses legitimate remote administration and system management tools that are commonly found in corporate environments.
To avoid detection, stolen data is frequently transferred through trusted cloud services such as Google Drive and Microsoft OneDrive, making the activity blend in with normal business operations. The group has been active since at least 2022 and emerged after the collapse of Conti, whose affiliates later splintered into multiple cybercrime operations. Earlier SRG campaigns used phishing emails warning victims about fake subscription charges and instructing them to call a phone number and install remote access software to resolve the issue.
Law firms are considered especially valuable targets because they store large amounts of sensitive legal, financial and corporate records. The FBI said it issued a similar warning in 2025 and noted that SRG has also targeted organizations in healthcare, insurance and financial services. The agency did not disclose how many law firms were targeted in the latest campaign or whether any intrusions were successful.
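
The sequence described above, a remote access tool approved by an employee followed by data leaving through a trusted cloud service, can be hunted by correlating the two events per host rather than alerting on either alone. The following is an added example, not code from the FBI advisory or this article; the event format, the remote tool process names, the cloud host suffixes and the thresholds are all assumptions to be replaced with an organisation's own telemetry and allowlists.

```python
from datetime import datetime, timedelta

# Assumed watchlists (not from the advisory): hypothetical remote access tool
# process names and cloud storage host suffixes a defender would maintain.
REMOTE_TOOLS = {"remotetool-a.exe", "remotetool-b.exe"}
CLOUD_SUFFIXES = ("drive.google.com", "onedrive.live.com")
WINDOW = timedelta(hours=2)        # how long after a tool start an upload is suspicious
MIN_BYTES = 100 * 1024 * 1024      # only flag uploads of 100 MiB or more

# Constructed sample events: (timestamp, host, kind, detail, bytes_out)
EVENTS = [
    ("2025-01-01T09:00:00", "ws-014", "process", "remotetool-a.exe", 0),
    ("2025-01-01T09:20:00", "ws-014", "upload", "drive.google.com", 750_000_000),
    ("2025-01-01T10:00:00", "ws-022", "upload", "onedrive.live.com", 900_000_000),
    ("2025-01-01T11:00:00", "ws-031", "process", "remotetool-b.exe", 0),
    ("2025-01-01T11:05:00", "ws-031", "upload", "drive.google.com", 2_000_000),
    ("2025-01-01T12:00:00", "ws-040", "process", "remotetool-a.exe", 0),
    ("2025-01-01T15:30:00", "ws-040", "upload", "onedrive.live.com", 500_000_000),
]

def is_cloud(host):
    """True if host equals or is a subdomain of a watched cloud storage suffix."""
    return any(host == s or host.endswith("." + s) for s in CLOUD_SUFFIXES)

def correlate(events, window=WINDOW, min_bytes=MIN_BYTES):
    """Return alerts for large cloud uploads that follow a remote access tool
    start on the same host within `window`."""
    last_tool = {}  # host -> (start time, tool name)
    alerts = []
    for ts, host, kind, detail, nbytes in sorted(events):
        when = datetime.fromisoformat(ts)
        name = detail.lower()
        if kind == "process" and name in REMOTE_TOOLS:
            last_tool[host] = (when, name)
        elif kind == "upload" and is_cloud(name) and nbytes >= min_bytes:
            seen = last_tool.get(host)
            if seen and when - seen[0] <= window:
                delay = int((when - seen[0]).total_seconds() // 60)
                alerts.append({"host": host, "tool": seen[1], "dest": name,
                               "bytes": nbytes, "delay_min": delay})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

With the constructed events, only ws-014 is flagged: ws-022 uploaded without a preceding tool start, ws-031 sent too little data, and ws-040 uploaded outside the two-hour window.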





