Cyber Alert: FBI Warns Law Firms in Pennsylvania About Silent Ransom Group Attacks

June 3, 2025

Everound urges law firms to take immediate action following FBI cybersecurity bulletin

The FBI has issued a nationwide cybersecurity alert warning of a sharp increase in cyberattacks targeting law firms by a threat group known as the Silent Ransom Group (SRG), also referred to as Luna Moth, Chatty Spider, and UNC3753. At Everound, we are alerting our clients and the broader Pennsylvania legal community to this growing threat, and encouraging all firms—large and small—to take immediate, proactive steps to protect their systems and sensitive client data.

According to the FBI’s May 2025 bulletin, SRG has been active since 2022 but has recently intensified its focus on law firms due to the highly confidential and valuable nature of legal data. The group uses social engineering and deception—not encryption—to gain access to internal systems. In many cases, attackers impersonate well-known subscription services and send phishing emails claiming a pending charge. Victims are then tricked into calling a number to cancel the charge, during which they are guided to install legitimate remote access tools like Zoho Assist, AnyDesk, or Splashtop. These tools give SRG remote entry into the system without raising red flags.

More recently, SRG has begun cold-calling employees while posing as internal IT staff. During these calls, they instruct victims to join remote sessions and claim that routine IT work is needed. Once connected, attackers use tools like WinSCP and Rclone to steal sensitive data and then send ransom emails threatening to publish or sell the stolen information. These attacks often bypass antivirus software because they rely on legitimate tools and require minimal privilege escalation.

As a Managed Services Provider (MSP) working with law firms and businesses across Pennsylvania, Everound is deeply concerned by this development. Law firms—especially small and mid-sized practices—are attractive targets for cybercriminals due to their high-value data and often limited in-house IT resources.

We strongly recommend that law firms immediately review their cybersecurity posture. Key steps include:

  • Cybersecurity Awareness Training: Educate staff to recognize phishing, impersonation attempts, and unsolicited IT-related calls.
  • Multi-Factor Authentication (MFA): Ensure MFA is enabled across all critical systems and cloud services.
  • Data Backups: Maintain secure, encrypted, and regularly tested backups of all essential data.
  • IT Communication Policies: Establish and communicate clear internal policies on how your IT team will interact with staff—especially around remote support.
  • Monitoring and Alerts: Watch for unauthorized software downloads and outbound data transfers, particularly via tools like WinSCP or Rclone.
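
The check described under "Monitoring and Alerts", as an added example that is not part of the FBI bulletin or Everound's own tooling: it scans process-creation events for the tools named in this alert and raises severity when WinSCP or Rclone starts on a host shortly after a remote access tool. The log format, host and user names, path-substring matching, four-hour window, and allowlist are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Tool names come from the alert. Matching lowercase substrings of the image
# path is an assumption; real binary names vary by product and version.
REMOTE_ACCESS = ("anydesk", "zoho", "splashtop")
EXFIL = ("winscp", "rclone")
WINDOW = timedelta(hours=4)               # assumed correlation window
APPROVED = {("IT-ADMIN-01", "exfil")}     # hypothetical allowlist: host, tool class

# Constructed sample events, one per line: timestamp|host|user|image path
SAMPLE_EVENTS = r"""
2025-06-02T09:14:07|PARALEGAL-03|jdoe|C:\Users\jdoe\Downloads\AnyDesk.exe
2025-06-02T09:41:55|PARALEGAL-03|jdoe|C:\Users\jdoe\AppData\Local\Temp\rclone.exe
2025-06-02T10:02:10|FRONTDESK-01|asmith|C:\Program Files\Microsoft Office\WINWORD.EXE
2025-06-02T11:30:00|IT-ADMIN-01|itops|C:\Program Files (x86)\WinSCP\WinSCP.exe
2025-06-02T13:05:00|ASSOC-07|bklein|C:\Users\bklein\Desktop\WinSCP.exe
"""

def classify(image_path):
    """Return 'remote_access', 'exfil', or None for an executable path."""
    path = image_path.lower()
    if any(name in path for name in REMOTE_ACCESS):
        return "remote_access"
    if any(name in path for name in EXFIL):
        return "exfil"
    return None

def detect(log_text):
    """Return (host, user, image, severity) for each unapproved tool launch."""
    findings = []
    last_remote = {}  # host -> time of the most recent remote access tool launch
    # ISO timestamps lead each line, so a plain sort is chronological.
    for line in sorted(log_text.strip().splitlines()):
        stamp, host, user, image = line.split("|", 3)
        when = datetime.fromisoformat(stamp)
        kind = classify(image)
        if kind is None or (host, kind) in APPROVED:
            continue
        if kind == "remote_access":
            last_remote[host] = when
            findings.append((host, user, image, "review"))
        else:
            seen = last_remote.get(host)
            chained = seen is not None and when - seen <= WINDOW
            findings.append((host, user, image, "high" if chained else "medium"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

An allowlist keyed by host and tool class keeps sanctioned IT use from drowning out the one sequence that matters: a transfer tool appearing on a staff workstation right after a remote session starts.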

Everound offers managed IT support, secure data backup solutions, cybersecurity training, MFA implementation, and technology consulting to help law firms defend against these exact threats. We also help organizations develop clear IT communication protocols and incident response plans.

If your firm receives suspicious calls or emails, or suspects it may be a victim of a cyberattack, we recommend reporting the incident to your local FBI field office. Sharing information such as ransom notes, phishing emails, or cryptocurrency wallet details can help law enforcement track and disrupt cybercriminal activity. Contact information for FBI field offices is available on their website.

Everound stands ready to assist Pennsylvania law firms with strengthening their cybersecurity defenses. For more information or to schedule a cybersecurity assessment, give us a call at (717) 312-5890.