Silent Ransom Group Is Actively Targeting Law Firms, FBI Issues Heightened Warning (🚩Urgent Update)

🚨 UPDATE : FBI Warns Attorneys of Impersonation Scams Targeting Law Firms

In addition to the callback phishing campaigns described below, the FBI’s Internet Crime Complaint Center (IC3) has issued a new warning about scammers impersonating FBI agents and bar association officials to defraud attorneys and law firms.

Between December 2023 and February 2025, reports were filed about criminals using emails, phone calls, and even Telegram accounts claiming to be from IC3 or “federal recovery programs.” In June, attorneys in Washington State also received spoofed bar emails requesting personal information.

🚩 What’s new:

1. Fake IC3 agents are contacting attorneys about “recovering funds” or assisting in investigations.

2. Victims are directed to pay for recovery tools or submit confidential firm information.

3. Spoofed bar emails (e.g. @wsba.org.virrumail.com) were used to collect attorney data.

This is a dangerous evolution of the threat. Criminals are now impersonating not just IT providers, but also regulators and law enforcement.

(Original Blog Post from June 3rd, 2025) ---------------

Law Firms Targeted by Silent Ransom Group in Callback Phishing Campaigns

The FBI warns of a cybercrime ring actively exploiting the legal industry

The FBI’s Internet Crime Complaint Center (IC3) has issued a warning about an active cyber threat targeting U.S.-based law firms. The group, known as Silent Ransom Group (SRG), also tracked as Luna Moth, Chatty Spider, or UNC3753, is using highly convincing IT-themed callback phishing emails and phone calls to gain access to systems and steal sensitive client data.

Once they’re in, they don’t encrypt files like traditional ransomware. Instead, they quietly exfiltrate sensitive information and demand payment, threatening to leak your firm’s data unless you comply.

Why Law Firms Are Being Targeted

Since Spring 2023, SRG has consistently focused on the legal industry due to:

• The confidential nature of client and case data

• Firms often have less mature cybersecurity defenses

• A higher likelihood of paying a ransom to avoid exposure

This isn't random. They're choosing law firms on purpose, and they’re succeeding.

How These Attacks Work

1. A phishing email appears to be from your firm’s IT provider or a familiar software vendor.

2. The message asks the recipient to call a number to resolve a fake issue.

3. On the call, attackers guide the employee to install a remote access tool.

4. They then steal files silently and use them for extortion.

These aren’t sloppy scams. They’re well-scripted, targeted attacks designed to fool even cautious employees.

What You Can Do Right Now

• Educate your staff to spot social engineering and phishing tricks, especially callback phishing.

• Review remote access permissions and limit who can install software.

• Install proactive threat detection tools to flag unusual activity.

• Backup files off-network, and test recovery procedures regularly.

• Conduct a high-level security review to identify risks before attackers do.

How Shield IT Networks Can Help

At Shield IT Networks, we've helped law firms of all sizes defend against today’s most advanced cyber threats, including the tactics now being used by Silent Ransom Group.

As the exclusive cybersecurity partner of CalBar Connect and the California Lawyers Association, we understand the legal industry’s unique risks and compliance pressures.

We equip firms with CyberStack, our enterprise-grade cybersecurity platform that combines proactive threat detection, secure backups, endpoint protection, and more. It’s built to give small and mid-size law firms access to the same level of protection that Fortune 500 companies rely on.

✅ If you are a licensed California attorney or active CLA member, you may qualify for a complimentary Cybersecurity Vulnerability Assessment (a $8,000+ value). Start with a 15-minute call with one of our cybersecurity experts.

👉 Schedule Your 15-Minute Call

Don’t wait until your firm becomes a target. Let’s secure your practice before attackers find their way in.