Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedLow impactAI Generated
FBI Warns Silent Ransom Group Targeting US Law Firms
Occurred 1 Jan 2023·Detected 27 May 2026·
🇺🇸 United States, nationwide; law firms and professional services organisations across multiple sectors4 reportsCAT RANMEnded 27 May 2026
CyberPropertyCyberCasualty & Liability
The FBI has issued a public advisory warning that Silent Ransom Group (SRG), a Conti ransomware successor, is targeting U.S. law firms through phishing, fake IT support calls, and in-person office visits to steal sensitive data for extortion. The group also targets healthcare, insurance, and financial sector organisations. No confirmed successful intrusions or loss estimates are provided in the advisory.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Low impact. While the FBI advisory highlights a persistent and escalating threat to U.S. law firms and insurance/financial sector organisations, no confirmed successful intrusions, named victim organisations, or insured loss estimates are provided. The advisory is a threat warning without a concrete London Market loss pathway — no claims, reserving actions, or specific insured asset losses are evidenced. Cyber underwriters writing professional services and financial institution books should monitor, but no immediate market action is warranted.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known7 lines
FBI issued public advisory on 26 May 2026 regarding Silent Ransom Group (SRG) targeting U.S. law firms▾
structured lineknown
No separate sourced-claim record is available for this line yet.
SRG also tracked as Luna Moth, Chatty Spider, and UNC3753▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Group uses phishing, vishing (fake IT calls), and in-person office visits to obtain remote access▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Data is exfiltrated via legitimate tools (Google Drive, Microsoft OneDrive) and extortion threatened unless ransom paid▾
structured lineknown
No separate sourced-claim record is available for this line yet.
SRG has been active since at least 2022, emerging after Conti ransomware syndicate collapse▾
structured lineknown
No separate sourced-claim record is available for this line yet.
FBI issued a similar warning about SRG in 2025▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Sectors targeted include law, healthcare, insurance, and financial services▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Reported3 lines
Latest campaign observed in spring 2026 involves attackers posing as internal IT personnel▾
structured linereported
No separate sourced-claim record is available for this line yet.
Physical office visits used as fallback when remote methods fail▾
structured linereported
No separate sourced-claim record is available for this line yet.
Attackers use external storage devices (hard drives, USB) during in-person intrusions▾
structured linereported
No separate sourced-claim record is available for this line yet.
Uncertain4 lines
Number of U.S. law firms targeted in the latest campaign is unspecified▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether any intrusions were successful is not confirmed by the FBI▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
No insured loss estimates or specific named victim organisations disclosed▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Scale of data exfiltrated, if any, is unknown▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Geographic Zone Matches
3 active matches
- TRIA Certified AreasRule-basedConfidence 100%
- Caribbean Hurricane ZoneRule-basedConfidence 100%
- Pacific Ring of FireRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇺🇸 United States
Timeline
Corroboration8 Jun 2026, 20:17
Cybersecurity experts warn that the Silent Ransom Group is physically breaking into business offices to gain network access and launch ransomware and extortion campaigns. This hybrid physical-cyber attack approach represents an evolving threat vector relevant to cyber insurance underwriting and risk assessment.
Source: techradar.com (Mainstream Media) · View source
Corroboration7 Jun 2026, 14:34
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations through social engineering calls impersonating IT support, often resulting in data theft within hours. The campaign highlights an ongoing cyber extortion threat relevant to professional indemnity and cyber insurance books serving the legal sector.
Source: BleepingComputer (Trade Media) · View source
Status Change2 Jun 2026, 13:05
Lifecycle changed
monitoring → closed
Closure2 Jun 2026, 13:05
Event Closed
auto_closed_monitoring_timeout
Corroboration27 May 2026, 22:18
Law firm Weil Gotshal & Manges paid a double-digit million dollar suppression payment to the Luna Moth (Silent Ransom Group) cybercriminal extortion group to prevent publication of stolen client data. The FBI has issued an alert in connection with the group. This is a significant cyber extortion incident at a major international law firm with direct implications for cyber insurance books.
Source: The Insurer (Trade Media) · View source
Status Change27 May 2026, 21:30
Status changed to monitoring
Auto-transitioned: no updates for 6 hours
active → monitoring
Status Change27 May 2026, 15:08
Lifecycle changed
developing → active
Status Change27 May 2026, 15:08
Lifecycle changed
signal → developing
Initial Detection27 May 2026, 14:58
Initial Detection
The FBI has issued a public advisory warning that Silent Ransom Group (SRG), a Conti ransomware successor, is targeting U.S. law firms through phishing, fake IT support calls, and in-person office visits to steal sensitive data for extortion. The group also targets healthcare, insurance, and financial sector organisations. No confirmed successful intrusions or loss estimates are provided in the advisory.
Law firms remain particularly attractive targets because they hold large volumes of sensitive legal, financial, and corporate information, the FBI said. Beyond law firms, SRG has also targeted organizations in the healthcare, insurance and financial sectors.
Source: The Record (Cyber) (Trade Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts