The FBI alerts that the Silent Ransom Group, also known as Luna Moth and Chatty Spider, has been targeting U.S. law firms with social engineering, impersonating IT support to access networks. Their tactics include data exfiltration and ransom demands without system encryption, often demanding up to $8 million. #SilentRansomGroup #LunaMoth #UNC3753 #Ryuk #Conti
Keypoints
- The Silent Ransom Group has been active since 2022, primarily targeting U.S. law firms and financial institutions.
- They use social engineering tactics, such as impersonating IT support via email, calls, and fake websites, to gain network access.
- Once inside, they perform minimal privilege escalation, then quickly exfiltrate data using tools like WinSCP and Rclone.
- The group demands ransom payments, often between one to eight million USD, threatening to leak stolen data.
- FBI recommends strong passwords, two-factor authentication, regular backups, and staff training to defend against these attacks.