States use mercenary spyware technology, such as NSO Group’s Pegasus, Paragon’s Graphite, and Cytrox’s Predator, to remotely and clandestinely infect the smartphones of members of civil society and gain complete access to the targeted device’s data. While such invasive and powerful technology has been the focus of some limited government action to curb proliferation, the global spyware industry continues to thrive. Purportedly developed as a means of fighting crime and terrorism, spyware is sold to governments around the world, many of which have long histories of political repression and human rights abuses. Operating largely in secret and with little oversight, governments use mercenary spyware to target and gather information on human rights defenders, journalists, dissidents, and other members of civil society in violation of international human rights law. In addition to an absence of a global consensus on how to prevent such violations, there is a lack of accountability in the development, sale, and deployment of this technology and, most notably, a failure on the part of states or spyware companies to remedy these human rights violations. In the absence of any meaningful mechanism for remedy or reparation, this article investigates how members of civil society (in particular, journalists and human rights defenders) targeted by spyware have attempted to seek a remedy. First, the article describes the broader context in which mercenary spyware is used, focusing on the deleterious impacts it has on human rights when deployed by government institutions. Second, it surveys some of the different mechanisms that spyware targets have pursued to seek some kind of remedy for such violations. This includes civil litigation by spyware targets against perpetrating states and spyware companies, civil litigation led by companies whose services are exploited to deliver spyware (such as Apple and WhatsApp) against spyware companies, legislative reform efforts, and government-led commissions of inquiry. This article analyzes gaps and challenges that remain in obtaining a remedy for spyware targets. The paper concludes by suggesting areas for reform such that members of civil society may exercise more agency in the fight against spyware and may access meaningful remedies.