“We’re From IT”—The New Scam Hitting Law Firms

A fake IT call. A remote access session. Then—your law firm’s files are held for ransom. This is how Silent Ransom Group is striking in 2025. Here's how to stop them.


It starts with a polite email about a $9.99 subscription you’ve never heard of. Or a call from “your company’s IT department” saying they need access to your laptop. Nothing seems urgent—until your sensitive files are in the wrong hands and a ransom demand hits your inbox.

This is the work of Silent Ransom Group (SRG)—also known as Luna Moth, Chatty Spider, or UNC3753—and they’re making headlines again in 2025 for going after one very specific target:

Law firms.

And they're not stopping there. Medical offices, insurance companies, and any business with high-value private data are fair game.

Who Is Silent Ransom Group?

The FBI says SRG has been active since 2022, but in the last year they’ve become alarmingly focused on law firms—likely because legal files are gold mines for sensitive, high-stakes information.

They don’t use malware bombs or sketchy links. Their attacks are personal and sneaky:

  • Fake emails about a subscription charge
  • A “support number” to cancel the fake charge
  • A real person on the other end, guiding you to install remote access tools
  • Then, overnight, your files are quietly stolen, encrypted, and ransomed

It’s low-tech social engineering with high-impact consequences.

New Twist: They’re Calling You

As of Spring 2025, SRG has ramped up live phone calls, impersonating IT staff to trick employees into giving remote access. Once inside, they don’t mess around:

  • They quickly copy files using tools like WinSCP or Rclone
  • They avoid setting off antivirus alerts by using legitimate software
  • Then they email or call again—but this time, it’s a ransom demand

If the company doesn’t pay? SRG threatens to leak sensitive files on the dark web. And while they don’t always follow through, the risk is enough to put law firms in full panic mode.

How to Spot (and Stop) an SRG Attack

Most antivirus software won’t catch these. Why? Because SRG uses programs businesses already trust.

Here are the warning signs:

  • New installs of Zoho Assist, AnyDesk, Syncro, or Splashtop
  • Emails about subscriptions you never signed up for
  • A request to call a number to cancel a charge
  • A phone call from someone claiming to be from your IT department
  • File transfers using WinSCP or Rclone to unknown servers

What You Can Do Today

Don’t wait until your firm's files are on a dark web leak site. These steps can help protect your business:

  1. Train your staff on how phishing and fake IT calls work
  2. Set clear policies for how real IT support will contact employees
  3. Use two-factor authentication across all systems
  4. Back up your data regularly—and store it securely
  5. Monitor for remote access software installations

And most importantly: don’t assume antivirus alone is enough.
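
The warning signs listed above, and step 5 in particular, can be checked against endpoint process-creation logs. The following is an added example and not part of the original article: the event fields, host names, allowlists and sample events are constructed assumptions, and matching on a keyword in the executable path is a simplification you would tune to your own environment.

```python
import re
from pathlib import PureWindowsPath

# Tool names come from the article's warning signs. Matching a keyword in the
# executable path is an assumption; tune it to your own software inventory.
REMOTE_ACCESS_KEYWORDS = ("zoho", "anydesk", "syncro", "splashtop")
TRANSFER_TOOLS = {"winscp.exe", "winscp.com", "rclone.exe"}
URL_HOST = re.compile(r"(?:sftp|ftp|ftps|scp)://(?:[^@/\s\"]+@)?([^:/\s\"]+)", re.I)
RCLONE_REMOTE = re.compile(r"(?<![\w/])([\w-]{2,}):(?!//)")  # 2+ chars skips "C:"

# Constructed sample events (process-creation records); not real log data.
SAMPLE_EVENTS = [
    {"host": "PARALEGAL-07", "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe",
     "command_line": "AnyDesk.exe"},
    {"host": "HELPDESK-01", "image": r"C:\Program Files (x86)\Splashtop\SRServer.exe",
     "command_line": "SRServer.exe"},
    {"host": "PARALEGAL-07", "image": r"C:\Users\jdoe\AppData\Local\Temp\rclone.exe",
     "command_line": r"rclone.exe copy C:\Clients archive01:matters"},
    {"host": "ACCT-02", "image": r"C:\Program Files (x86)\WinSCP\WinSCP.com",
     "command_line": 'WinSCP.com /command "open sftp://billing@sftp.vendor.example/"'},
]

def destinations(image_name, command_line):
    """Return the remote endpoints named on a WinSCP or Rclone command line."""
    found = {h.lower() for h in URL_HOST.findall(command_line)}
    if image_name == "rclone.exe":
        found.update(r.lower() for r in RCLONE_REMOTE.findall(command_line))
    return found

def review_events(events, approved_rmm_hosts, known_destinations):
    """Flag events matching the warning signs: RMM tools and unknown transfers."""
    alerts = []
    for ev in events:
        path = ev["image"].lower()
        name = PureWindowsPath(path).name
        if any(k in path for k in REMOTE_ACCESS_KEYWORDS):
            if ev["host"] not in approved_rmm_hosts:
                alerts.append((ev["host"], "unapproved remote access tool", name))
        elif name in TRANSFER_TOOLS:
            unknown = destinations(name, ev["command_line"]) - known_destinations
            for dest in sorted(unknown):
                alerts.append((ev["host"], "transfer to unknown server", dest))
    return alerts

if __name__ == "__main__":
    for alert in review_events(SAMPLE_EVENTS, {"HELPDESK-01"}, {"sftp.vendor.example"}):
        print(alert)
```

The two allowlists encode the policy from step 2: which machines IT really uses for remote support, and which servers the firm really transfers files to. Anything outside them is worth a phone call to the employee before the transfer finishes.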

Don’t Wait for the Ransom Email — Call Managed Nerds Now

At Managed Nerds, we help law firms and small businesses stay ahead of evolving cyber threats like Silent Ransom Group.

We offer:

  • Live employee training so your team knows exactly what to look for
  • AI-powered threat monitoring that spots sneaky attacks in real time
  • Remote access detection tools to stop SRG-style scams before they take hold
  • Custom cybersecurity packages that fit your firm’s size and budget

Whether you're a solo attorney or a 50-person practice, we can help you lock down your systems—without the enterprise price tag.

Don’t wait for the call. Reach out to Managed Nerds today and let us help you shut the door on cybercriminals before they get in.