
Silent Ransom Group Leaked Another Big Law Firm: Orrick, Herrington & Sutcliffe
Why It Matters
The breach highlights how ransomware groups leverage public leaks to pressure high‑profile firms, raising stakes for client confidentiality and prompting a reassessment of law‑firm cyber‑risk strategies.
Key Takeaways
- SRG accessed Orrick on Jan 20, 2026, remained ~1 week
- Negotiations peaked at $1 M; Orrick’s highest offer $400k
- Leak posted on clear‑net site, exposing confidential files
- 2024 settlement forced security upgrades, yet breach succeeded
- Extortion groups favor leaks over low offers to deter victims
Pulse Analysis
Law firms have become prime targets for ransomware groups that blend extortion with public data dumps. The Silent Ransom Group, also known as Luna Moth or UNC3753, has built a reputation for infiltrating top‑100 firms and refusing modest payouts. By leaking data on a clear‑net portal, SRG maximizes exposure, forcing victims to weigh reputational damage against the cost of a ransom. This tactic pressures firms to adopt more aggressive negotiation stances, yet it also signals that even firms with recent security investments remain vulnerable.
Orrick’s breach illustrates the challenges of translating post‑incident security commitments into real‑world resilience. Despite a 2024 settlement that mandated continuous vulnerability scanning, endpoint detection, and 24/7 managed response, SRG slipped past defenses without deploying malware, likely using phishing or social engineering. The leaked tranche included over 70 files labeled “CONFIDENTIAL,” client complaints against StubHub, and litigation documents dating back to 2013, all stored in plaintext. The public‑facing leak site amplified the risk, allowing anyone with a browser to download sensitive information, which could trigger further legal exposure and client attrition.
For the broader legal sector, the Orrick episode serves as a cautionary tale about the limits of reactive security upgrades. Firms must prioritize proactive measures such as multi‑factor authentication, encrypted at‑rest storage, and strict segmentation of legacy data. Moreover, the industry should develop coordinated response frameworks that balance the dangers of paying ransom against the fallout of a full public disclosure. As ransomware groups continue to refine their extortion‑by‑leak playbook, law firms that fail to harden their data pipelines risk not only financial loss but also irreversible damage to client trust.