There’s a fast-growing attack doing the rounds that doesn’t rely on a dodgy link at all — it relies on a phone call. The Silent Ransom Group (also tracked as Luna Moth) has been hitting law firms and professional-services businesses by phoning staff, posing as the internal IT help desk, and talking them into starting a remote-support session — then stealing data within hours. As reported by BleepingComputer, the campaign follows an FBI alert and fresh Mandiant research, and it’s part of a wider 2026 shift to “data-theft extortion”: no file encryption, just stolen files and a ransom demand to keep them off a leak site.
Why it matters here: the targets are firms that hold concentrated, sensitive client information — the same profile as the financial-advice practices, accountants, legal and strata businesses we look after across Sydney and the Central West. The attackers don’t need a software flaw. They talk a real person into installing a legitimate remote-access tool like AnyDesk, Quick Assist or Zoho Assist, and once they’re in, contracts, tax records and client files walk straight out the door. Ransom demands have been landing within 30 minutes — and under Australia’s Notifiable Data Breaches scheme, a confirmed theft of client information is yours to report.
What to do: tell your team today, in one plain sentence — your real IT provider will never cold-call and ask them to install remote-access software or read out a code. If a call like that comes in, hang up and ring IT back on a number you already have, not one the caller gives you. Lock down which remote-support tools are even allowed to run, keep MFA on everything, and make “verify the caller” a standing rule rather than a one-off email.
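An added example, not part of the original article: one way to check the "which remote-support tools are allowed to run" rule against process-start records from your endpoints. The executable name fragments, the approved list, the event fields and the sample events are all assumptions constructed for illustration.

```python
import ntpath

# Assumed name fragments for the tools the article names; confirm the real
# executable names against your own software inventory before relying on them.
REMOTE_TOOLS = {
    "anydesk": "AnyDesk",
    "quickassist": "Quick Assist",
    "zohoassist": "Zoho Assist",
}
APPROVED = {"Quick Assist"}  # hypothetical policy: the one tool IT has approved
# Folders a user can write to without admin rights; a tool run from here was
# probably downloaded by the person on the call rather than deployed by IT.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")

def classify(event):
    """Return (tool, severity) for a process-start event, or None if not a remote tool."""
    image = event["image"].lower()
    exe = ntpath.basename(image).replace(" ", "").replace("_", "").replace("-", "")
    tool = next((name for frag, name in REMOTE_TOOLS.items() if frag in exe), None)
    if tool is None:
        return None
    from_user_dir = any(d in image for d in USER_WRITABLE)
    if tool not in APPROVED:
        return tool, "high" if from_user_dir else "medium"
    # Approved tool, but started from an unexpected location: worth a look.
    return tool, "review" if from_user_dir else "ok"

def audit(events):
    """List every event that needs follow-up, highest severity first."""
    order = {"high": 0, "medium": 1, "review": 2}
    findings = []
    for ev in events:
        result = classify(ev)
        if result and result[1] != "ok":
            findings.append((result[1], ev["host"], ev["user"], result[0]))
    return sorted(findings, key=lambda f: order[f[0]])

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "RECEPTION-01", "user": "jlee", "image": r"C:\Windows\System32\quickassist.exe"},
    {"host": "PARTNER-03", "user": "mkhan", "image": r"C:\Users\mkhan\Downloads\AnyDesk.exe"},
    {"host": "ACCOUNTS-02", "user": "tnguyen", "image": r"C:\Program Files\Zoho Assist\ZohoAssist.exe"},
    {"host": "ACCOUNTS-02", "user": "tnguyen", "image": r"C:\Windows\System32\notepad.exe"},
    {"host": "PARALEGAL-04", "user": "sroy", "image": r"C:\Users\sroy\AppData\Local\Temp\QuickAssist.exe"},
]
if __name__ == "__main__":
    for severity, host, user, tool in audit(SAMPLE_EVENTS):
        print(f"[{severity}] {tool} started on {host} by {user}")
```

An approved tool can still be opened for a caller who is not your IT provider, so a clean result here does not replace the call-back rule.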
If you’d like this built into how your business actually runs, it’s exactly what our managed cybersecurity and security awareness training are for.
