From extortion campaigns and stolen legal aid data to ransomware-fueled disruptions, 2025 has made one thing clear: no legal organization is immune. This edition covers the top cybersecurity threats facing law firms today.
Law Firms Targeted in Sophisticated Extortion Scheme by Luna Moth Group
The FBI has issued a new warning to U.S. law firms about an ongoing cyber extortion campaign led by a threat group known as the Silent Ransom Group (SRG), also referred to as Luna Moth.
Active since 2022, this group has been using social engineering tactics to infiltrate legal organizations without deploying traditional ransomware. Instead of encrypting data, SRG exfiltrates sensitive files and then pressures victims to pay up, threatening to leak confidential materials if their demands aren’t met.
Law firms are particularly vulnerable because of the high-value data they hold, from client files and contracts to sensitive litigation records. SRG operators typically pose as IT support personnel, reaching out via email or fake websites and urging employees to initiate remote access sessions.
Once inside the device, the attackers move quickly to extract data using tools like WinSCP and Rclone, often without triggering advanced security alerts. They follow up with ransom emails and even phone calls to staff to pressure firms into negotiations.
The attackers are also leveraging typosquatted domains and fake helpdesk portals to impersonate trusted law firm IT departments.
Their phishing emails contain urgent language designed to get staff to call phony support lines, where the operators then guide targets into installing Remote Monitoring and Management (RMM) software. This gives them full keyboard access and visibility into both local and networked data stores.
Ransom demands vary depending on the firm’s size, with some reaching as high as $8 million. According to the FBI and recent threat intelligence reports, SRG does not always follow through on threats to leak data, adding another layer of unpredictability to these attacks.
Law firms are advised to strengthen password policies, enforce multi-factor authentication, ensure regular data backups, and prioritize staff training on phishing and social engineering threats.
Staying Ahead of Ransomware: 3 Cybersecurity Pillars Law Firms Can’t Ignore
Ransomware attacks are growing faster, smarter, and more damaging, and law firms, with their confidential data and tight deadlines, are prime targets.
Data from 2024 shows that ransomware severity jumped 68% in the first half of the year, exposing law firms to higher risks, especially attorneys managing high-value litigation and financial matters.
To keep client data secure and operations uninterrupted, your firm needs more than antivirus software. You need a resilient security strategy built on three critical pillars: encryption, collaboration, and AI-driven defense.
1. Encryption
At the core of any effective security strategy is encryption, yet many firms still overlook it. In 2024, nearly two-thirds of “miscellaneous” cyber insurance claims stemmed from breaches of unencrypted systems.
If your law firm is still storing client records, contracts, or sensitive litigation materials in unencrypted formats, you’re making the attacker’s job easy. Encrypting data both in transit and at rest drastically reduces the damage a breach can cause.
When paired with MFA and real-time threat monitoring, encryption becomes a critical layer that helps keep your files safe even if bad actors get in.
2. Collaboration
Cybersecurity isn’t just a technical problem; it’s a systemic one. Law firms can’t afford to operate in silos. Cross-sector collaboration, particularly between the private sector and government agencies, is essential to building better defenses.
While global discussions around banning ransomware payments have gained traction, blanket policies could hurt smaller firms that lack the resources to recover without paying.
Instead of focusing solely on ransom bans, firms should prioritize intelligence sharing, rapid response protocols, and access to financial recovery tools. Cybercriminals continue to evolve their tactics, so coordinated defenses must evolve, too.
3. Artificial Intelligence
The good news? The same AI tools that criminals are starting to use can also work in your favor.
AI can help law firms identify suspicious activity earlier, analyze unusual file movements, and flag phishing attempts before anyone clicks. In fact, the U.S. Treasury recovered over $4 billion in fraud losses in 2024 using AI-based detection.
For law firms juggling tight schedules and confidential casework, AI can be the extra set of eyes watching your network. It helps automate monitoring, detect anomalies, and improve your response time, all without overwhelming your IT staff.
When Legal Systems Get Hacked: What the LAA Breach Means for Your Firm
Another serious breach and this time, it’s the UK Legal Aid Agency (LAA) in the headlines. Following an April cyberattack, the agency has now confirmed that over a decade’s worth of sensitive legal aid applicant data has been accessed and downloaded by attackers.
The LAA, which funds civil and criminal cases for people who can’t afford legal representation, supports some of the most vulnerable individuals in the legal system, from asylum seekers to those facing criminal charges.
The breach affects people who applied for legal aid as far back as 2010 through the agency’s digital service.
The exposed data isn’t just names and contact details. It includes:
- National ID numbers
- Dates of birth
- Criminal history
- Employment information
- Financial records (including debts and payments)
While exact figures haven’t been released, the LAA confirmed the data breach is far more extensive than initially believed. The attackers, whose identity remains undisclosed, successfully accessed this information before the online system was shut down on May 16.
In a public statement, LAA CEO Jane Harbottle called the breach “shocking and upsetting,” and announced emergency contingency plans to maintain services for applicants in need of urgent legal support.
This attack should serve as a wake-up call for legal professionals everywhere, especially those handling client data online. The lesson is simple: If a major government-backed agency can be breached, private law firms are even more vulnerable.
In recent months, UK giants like Harrods, Marks & Spencer, and the Co-op were also targeted. It’s clear that cybercriminals are shifting their focus toward high-impact, high-trust organizations and law firms fit the profile.
If your firm hasn’t reviewed its cybersecurity posture in the last six months, now’s the time. Don’t wait for a breach to realize what’s at stake.
Cybercriminals are adapting fast and law firms can’t afford to fall behind.
From insider threats to nation-state actors, the risks to legal data are rising. But so are the tools to fight back. If your firm hasn’t reviewed its cybersecurity strategy this year, now’s the time.
Whether you’re building internal defenses, training staff, or revising vendor policies, every step counts toward resilience.
Is your law firm ready for what’s next?
Schedule a security audit or staff training session today and start closing the gaps before attackers find them.
Contact Infoguard Security to learn more about our cybersecurity services.
If you found this newsletter helpful, share it with your colleagues.
Best regards,
