By Julie Bays, Practice Management Advisor

The FBI has issued a warning about a cybercriminal group known as the Silent Ransom Group (SRG), also called Luna Moth or Chatty Spider, which is actively targeting U.S. law firms. These attackers are using convincing email and phone scams to trick staff into giving them remote access to office computers. Once inside, they steal sensitive data and demand ransom payments to prevent public exposure of that data.

SRG often pretends to be a company billing for a fake subscription. The emails instruct the recipient to call a number to cancel the charge. More recently, they’ve targeted law firms by impersonating law firm IT staff in phone calls, directing employees to join fake support sessions that give the hackers access to the system. Once in, they quickly copy client files using legitimate tools that may not trigger antivirus software, then they send a ransom demand.

Law firms are encouraged to take precautions like training employees to recognize phishing attempts, establishing clear IT communication protocols, enabling multi-factor authentication, and regularly backing up data. This alert highlights the importance of cybersecurity awareness for all employees in a legal office, not just IT teams.

https://www.ic3.gov/CSA/2025/250523.pdf