Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
Summary
Hide ▲
Show ▼
Since 2022, Silent Ransom Group has operated as a standalone data-theft extortion actor after the Conti syndicate shut down, changing how it monetizes access and pressure. The shift away from traditional ransomware encryption gives the group a more focused extortion model built around stolen data and leak threats. That operating-model change shapes its current extortion business across high-value victim sectors.
Related Happenings
Silent Ransom Group US law firm IT impersonation campaign
Campaign
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
How related:
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant.
About this happening:
The **Silent Ransom Group (SRG)** is escalating a **campaign** against **US-based law firms**, using **IT impersonation**, remote access tricks, and in-person access attempts to r...
Silent Ransom Group US law firm IT impersonation campaign
CampaignHow related: The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant.
About this happening: The **Silent Ransom Group (SRG)** is escalating a **campaign** against **US-based law firms**, using **IT impersonation**, remote access tricks, and in-person access attempts to r...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law Enforcement
First: 05.05.2026 13:13
Last: 05.05.2026 13:13
Sources 1
About this happening:
**Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law EnforcementAbout this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
Beast ransomware group’s RaaS model and shared TTPs exposed through an open server
Threat Actor Meta
First: 20.03.2026 18:31
Last: 20.03.2026 18:31
Sources 1
About this happening:
An exposed **Beast ransomware group** server now shows its **RaaS operating model** and reusable toolset, complicating attribution across ransomware crews. The recovered materials...
Beast ransomware group’s RaaS model and shared TTPs exposed through an open server
Threat Actor MetaAbout this happening: An exposed **Beast ransomware group** server now shows its **RaaS operating model** and reusable toolset, complicating attribution across ransomware crews. The recovered materials...
Ransomware leak-post volume surged in 2024-2025 as extortion speed increased
Trend
First: 18.03.2026 21:37
Last: 18.03.2026 21:37
Sources 1
About this happening:
**Ransomware leak posts** surged from **6,034 in 2024** to **8,835 in 2025**, signaling a larger and faster **extortion ecosystem** that compresses defender reaction time. The inc...
Ransomware leak-post volume surged in 2024-2025 as extortion speed increased
TrendAbout this happening: **Ransomware leak posts** surged from **6,034 in 2024** to **8,835 in 2025**, signaling a larger and faster **extortion ecosystem** that compresses defender reaction time. The inc...
Scattered Lapsus Shiny Hunters' harassment-driven extortion operating model
Threat Actor Meta
First: 02.02.2026 18:15
Last: 02.02.2026 18:15
Sources 1
About this happening:
**Scattered Lapsus Shiny Hunters (SLSH)** is now using a **harassment-driven extortion model** that pairs stolen data with swatting, threats, and publicity pressure, raising the s...
Scattered Lapsus Shiny Hunters' harassment-driven extortion operating model
Threat Actor MetaAbout this happening: **Scattered Lapsus Shiny Hunters (SLSH)** is now using a **harassment-driven extortion model** that pairs stolen data with swatting, threats, and publicity pressure, raising the s...
Timeline
-
07.06.2026 17:09 2 articles · 3h ago
Initial report: Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Initial DisclosureThe actor separated from the **Conti** syndicate after its 2022 shutdown and reoriented around **standalone data-theft extortion**. That transition established **Silent Ransom Group** as a distinct extortion brand rather than a ransomware-encryption operation.
Show sources
- Silent Ransom Group targets law firms with fake IT support calls — www.bleepingcomputer.com — 07.06.2026 17:09
- Silent Ransom Group targets law firms with fake IT support calls — www.bleepingcomputer.com — 07.06.2026 17:09