The FBI has issued a warning about a cybercriminal group called Silent Ransom Group (SRG) — also known as Luna Moth — that has escalated from online phishing to physically showing up at law firms and businesses. After failing to gain remote access through fake IT helpdesk calls or phishing emails, SRG operatives will travel to a victim’s location, walk into the office posing as an IT worker, and plug a storage device directly into a company computer to steal files. The group has been consistently targeting U.S. law firms since 2023, but this in-person tactic represents a significant and alarming escalation.
The goal is always data theft, not ransomware encryption. Once they have sensitive files — client records, legal documents, financial data — SRG threatens to post them online or sell them unless a ransom is paid. Law firms are a prime target because they hold some of the most confidential information imaginable: personal injury cases, divorce proceedings, business litigation, and criminal defense records. Anyone whose information is held by a law firm could be at risk if that firm is compromised.
How to check if you’re affected
Affected models of attack follow a clear pattern: an unexpected call from “IT support” asking you to allow remote access, followed by a stranger visiting the office who asks to connect a USB device. No legitimate IT department sends an unannounced visitor to plug in hardware. If your workplace uses a law firm or handles legal records, affected products include any document management system, email archive, or file server storing client data. Ask your IT department whether external physical visits require an advance work order and photo ID verification — if no such policy exists, it’s time to create one.