The FBI warns that the Silent Ransom Group (SRG), also known as Luna Moth, is targeting U.S. law firms using a multi-stage attack vector that begins with social engineering to gain remote access and escalates to in-person data theft where actors physically connect USB drives to computers for data exfiltration. The stolen data is then used for extortion. Key indicators of compromise include unauthorized external drive installations and unsolicited individuals claiming to be IT support attempting to access systems.
Ransomware FBI warns law firms of in-person data theft by Silent Ransom Group May 27, 2026 Share By SC Staff According to Bleeping Computer, the FBI has issued a warning regarding the Silent Ransom Group (SRG), an extortion gang that is now employing in-person data theft tactics to target U.S.-based law firms. SRG actors initiate attacks by posing as IT support staff, contacting victims via phone calls or phishing emails to solicit a remote desktop session. If this fails, they resort to sending an actor to the victim's location to physically insert USB drives or external hard drives into computers for data exfiltration. The FBI identified unauthorized installation of external drives and individuals claiming to be IT support attempting to access computers as potential indicators of an SRG attack. The stolen data is then used for extortion, with threats to publish it online or pressure victims through calls to employees or clients. Also known as Luna Moth, this group has been active since at least 2022 and has specifically targeted legal and financial organizations in the U.S. since early 2023. SRG emerged after the Conti ransomware shutdown in March 2022, rebranding into smaller units focused on data theft and extortion. Source: Bleeping Computer An In-Depth Guide to Ransomware Get essential knowledge and practical strategies to protect your organization from ransomware attacks. Learn More SC Staff Related Malware BTMOB Android RAT poses significant threat with easy-to-use builder SC Staff May 27, 2026 First identified in February 2025, BTMOB evolved from the SpySolr malware. Ransomware Mass database extortion causes significant damage despite low payment rates SC Staff May 27, 2026 The Ransomnews Research Team's five-year study, spanning from May 2021 to May 2026, analyzed over 65,000 exposed databases, finding that 46.3% contained ransom or wipe notes. Phishing Formula 1 fans targeted by evolving scams, Bitdefender warns SC Staff May 26, 2026 Bitdefender's Fan Threat Index highlights four major threats targeting Formula 1 enthusiasts: counterfeit merchandise, fraudulent ticket sales, malicious streaming services, and sophisticated social engineering attacks. Related Events Cybercast Ransomware reloaded: Finding resilience when attackers wield AI On-Demand Event Virtual Conference Ransomware Resilience: Strategies to Defend, Mitigate, and Recover On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds