Silent Ransom Group Targets US Law Firms with Rapid Extortion Attacks

Silent Ransom targets US firms with fake invoices and IT support calls, demanding ransom within hours. Learn about their swift tactics.

By Content Team

Jun 9, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A threat group called Silent Ransom (also tracked as UNC3753, Luna Moth, and Chatty Spider) has been hitting US law, financial, and professional services firms with a slick social engineering campaign between January and May 2026, according to Google's Mandiant division.

The attacks start with a fake invoice email, followed by a phone call from someone pretending to be IT support. Victims are talked into screen-sharing sessions and downloading remote access tools. In some cases, attackers physically showed up at offices with USB drives to steal data directly.

Once inside, the group moves fast — sometimes from initial contact to extortion demand in under an hour. Ransom demands come with a three-day deadline and threats to notify clients, partners, and journalists if victims don't comply.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

CISA Issues Urgent Warning as Hackers Exploit Critical Craft CMS Vulnerability

Mar 24, 2026

Madison Square Garden Confirms Data Breach After Ransomware Attack

Mar 3, 2026

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Mar 20, 2026

FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Mar 15, 2026