Silent Ransom
Silent Ransom Group (SRG) is a cybercrime extortion group active since 2022 and also tracked as Luna Moth, Chatty Spider, and UNC3753. Reporting in the provided content states the group has targeted U.S. organizations since 2023, with a particular focus on law firms and the broader professional services sector, and has also targeted financial, healthcare, and insurance organizations. The group is described as relying on social engineering for initial access, including phishing, callback phishing, voice phishing, and emails and phone calls impersonating IT support or help desk personnel. Victims are persuaded to install or grant access through legitimate remote assistance tools, including ZohoAssist, QuickAssist, and AnyDesk. The content states Silent Ransom typically focuses on a single workstation and generally avoids lateral movement, though in some 2025 cases it targeted two to three workstations over time. The group steals data and extorts victims by threatening publication rather than primarily encrypting systems, and it operates data leak sites to pressure victims. FBI reporting cited in the content says the group has also expanded to physical impersonation, including appearing in person at offices while posing as IT staff and, when remote access fails, seeking to insert storage devices or copy data to external media. The content also notes reporting that Silent Ransom emerged after the breakup of the Conti ecosystem, with former Conti members splitting into operations including Silent Ransom.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Commercial & Professional Services
- Banks
- Financial Services
Where they target
Geographies tied to known operations.
- 🇺🇸 United States
Tradecraft
6 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Conducting cyber extortion campaigns against U.S. law firms and other legal, professional, and financial services organizations by stealing sensitive data and threatening public exposure rather than encrypting systems.
Conducts extortion-focused intrusions against organizations by posing as IT support via email and phone, using legitimate remote access tools, and when remote access fails, sending an impersonator onsite to gain physical access and insert a storage device for data theft. The group pressures victims to pay to prevent exposure of stolen data and operates a data leak site rather than encrypting systems.
Silent Ransom is a ransomware group that uses callback phishing to target insurance and law firms, focusing on data theft and extortion.
Silent Ransom is a ransomware group that uses callback phishing to target insurance and law firms, focusing on data theft and extortion.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.