The FBI warned Tuesday that the Silent Ransom Group (SRG), a Russia-linked extortion gang that emerged from the Conti ransomware syndicate in 2022, is dispatching operatives into U.S. law firm offices to insert USB drives and steal client data.
The FBI’s Internet Crime Complaint Center (IC3) issued the flash alert on May 27, 2026, one year after its previous advisory on the group.
SRG actors call or email employees posing as IT support, directing them to open a remote desktop session. When that fails, the group dispatches an operative to the firm and inserts an external drive into a computer.
“The threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email,” the FBI stated.
The group uses WinSCP or Rclone to exfiltrate files, staging data on Google Drive or Microsoft OneDrive. SRG does not deploy ransomware but threatens to publish stolen files on its data leak site and contacts victims’ employees and clients to pressure payment.
Researchers told CyberScoop the group has claimed more than 100 attacks and that its hybrid tactics have “no known parallels across the vast cybercrime ecosystem.” Recent attacks left few forensic artifacts and evaded antivirus tools by using legitimate system management software.
In April 2026, Jones Day confirmed a phishing incident affecting files for 10 clients after SRG listed the firm on its data leak site and demanded $13 million, according to DataBreaches.net.
Also known as Luna Moth, Chatty Spider, and UNC3753, SRG has consistently targeted U.S. law firms since Spring 2023, which the FBI attributes to “the highly sensitive nature of legal industry data.”
The FBI advised organizations to disable external drive connections, block port 22, require phishing-resistant multifactor authentication (MFA), and verify IT support credentials.
