Client advisory: New data theft and cyber extortion attack methods

An emerging threat group is launching sophisticated data theft and cyber extortion attacks, using social engineering and remote access tools to avoid detection.

Cyber Advisory, Fri, May 30, 2025

Based on internal intelligence corroborated by a recent FBI alert, a highly active cyber extortion group is exploiting businesses through data theft and extortion tactics. We recommend businesses take immediate action to ensure their teams and cyber defenses are prepared.

What we know

Operating under various names including Silent Ransom Group (SRG), Luna Moth and DragonForce, an emerging cyber extortion group is targeting a wide range of businesses across multiple regions. Our threat intelligence team has been tracking this group’s activity for some time, and recent findings from the FBI confirm the threat is growing. We believe SRG has ties to previous ransomware operations and is now rebranding under new names.  

The group’s activity has been concentrated in the US, with law firms, healthcare providers, managed service providers (MSPs), insurers, retailers and other professional services commonly targeted. However, since these attacks require only low-level user access, any business could be at risk. 

What’s happening?

Unlike traditional ransomware attacks that lock and encrypt systems, this group focuses on stealing a copy of victims' sensitive data and threatening to leak it unless a ransom is paid, exploiting regulatory obligations and the threat of reputational harm. Their tactics rely on social engineering and legitimate remote access tools, making them particularly hard to detect and defend against.

Attacks typically begin with a fake subscription email and phone call, prompting victims to contact a bogus support team. Once engaged, the attackers trick the user into granting remote access to their devices or installing remote assistance tools like QuickAssist or AnyDesk. From there, data files are exfiltrated, followed by a ransom demand. Because they don’t use malware or encryption, these attacks can evade antivirus and traditional security software.

How to help protect your business  

These developments mark a shift in cybercriminal behavior that businesses should address proactively by raising employee awareness of social engineering tactics and implementing strict controls around remote access.

We recommend: 

  • Ensuring staff remain vigilant to phishing attempts and report suspicious communications 
  • Encouraging the use of strong, unique passwords and enabling multi-factor authentication (MFA) wherever possible. For more on MFA best practices, read our cyber tips piece on multi-factor authentication
  • Monitoring and auditing your password activity 
  • Monitoring for unauthorized remote access tools and unusual outbound connections 
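
One way to implement the last recommendation, as an added example that is not part of the original advisory or CFC's tooling: it flags launches of the remote assistance tools named above on hosts where they are not approved, and raises severity when the same host sends a large volume outbound shortly afterwards. The host names, event fields, allowlist, two-hour window and 500 MB threshold are assumptions, and the telemetry is constructed sample data.

```python
from datetime import datetime, timedelta

# Remote assistance binaries named in the advisory; extend for your estate.
REMOTE_TOOLS = {"quickassist.exe": "Quick Assist", "anydesk.exe": "AnyDesk"}
# Assumptions: approved (host, tool) pairs, look-ahead window, volume threshold.
APPROVED = {("HELPDESK-01", "quickassist.exe")}
WINDOW = timedelta(hours=2)
MB = 1024 * 1024
BYTES_THRESHOLD = 500 * MB

# Constructed sample telemetry: process starts and outbound flow summaries.
PROCESS_EVENTS = [
    {"time": "2025-05-30T09:12:00", "host": "LAW-PC-07", "user": "jdoe",
     "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe"},
    {"time": "2025-05-30T10:00:00", "host": "HELPDESK-01", "user": "itadmin",
     "image": r"C:\Windows\System32\QuickAssist.exe"},
    {"time": "2025-05-30T11:30:00", "host": "FIN-PC-02", "user": "asmith",
     "image": r"C:\Windows\System32\quickassist.exe"},
]
NETWORK_EVENTS = [
    {"time": "2025-05-30T09:40:00", "host": "LAW-PC-07", "bytes_out": 900 * MB},
    {"time": "2025-05-30T10:05:00", "host": "HELPDESK-01", "bytes_out": 700 * MB},
    {"time": "2025-05-30T15:00:00", "host": "FIN-PC-02", "bytes_out": 800 * MB},
]

def find_alerts(proc_events, net_events):
    """Flag unapproved remote-tool launches; escalate on large outbound volume."""
    alerts = []
    for p in proc_events:
        # Compare on the lower-cased file name, whatever the install path.
        exe = p["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe not in REMOTE_TOOLS or (p["host"], exe) in APPROVED:
            continue
        start = datetime.fromisoformat(p["time"])
        # Sum bytes the same host sent out within WINDOW after the launch.
        sent = sum(n["bytes_out"] for n in net_events
                   if n["host"] == p["host"]
                   and start <= datetime.fromisoformat(n["time"]) <= start + WINDOW)
        alerts.append({"host": p["host"], "user": p["user"],
                       "tool": REMOTE_TOOLS[exe], "bytes_out": sent,
                       "severity": "high" if sent >= BYTES_THRESHOLD else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(PROCESS_EVENTS, NETWORK_EVENTS):
        print(alert)
```

Matching on file name is a baseline; where your endpoint telemetry provides it, match on the signed publisher or file hash as well.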

All CFC cyber policyholders benefit from our proactive cyber security services and can contact our cyber security team 24/7/365.   

At CFC, we’ll continue to monitor this threat closely to help businesses stay protected.  

Please get in touch via our Response app to report any suspicious activity or use the ‘Ask the expert’ function if you have any questions. You can also get in touch via customersupport@cfc.com for any questions or support.