IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ransomware gang claims to have hacked the NRA

“Grief" gang says it has already leaked some of its stolen data to the dark web

Handguns placed on a US flag beside the logo for the National Rifle Association

A ransomware gang thought to be based in Russia has claimed responsibility for hacking into systems belonging to the National Rifle Association and leaking data to the dark web.

It's not known how much, if any, data the gang has collected from the organization, but members of the infosec community have already posted screenshots of the leaked data to Twitter.

These files show data related to the various grants the NRA has awarded in recent years, according to reports by the Associated Press.

The ransomware group, known as Grief, claims to have posted 13 files to its website, and has threatened to release more if the NRA refuses to pay a ransom, according to an NBC report, although it's currently unclear how large this ransom is.

The files, seen by NBC reporters, include a blank grant proposal form, a list of recent grant recipients, an email to a recent grant winner earlier this month, and an IRS W-9 form. The minutes of an NRA teleconference meeting held last September were also found in the files.

NRA spokesman Andrew Arulanandam took to Twitter on Wednesday to say that his organization “does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

However, according to the Associated Press, a person with direct knowledge of the situation revealed the NRA had issues with its email system this week, a signal of a possible ransomware attack.

Grief is considered by many in the infosec community to be a rebrand of another ransomware group known as Evil Corp. Evil Corp is currently under sanctions by the U.S. Treasury Department, following the theft of more than $100 million from banks and other financial institutions across 40 countries.

According to Allan Liska, a ransomware analyst at the cyber security firm Recorded Future, the two groups are one and the same. Liska added that it is highly unusual for political groups, such as the NRA, to be targets of a ransomware attack.

"It's not likely that this was specifically targeted at the NRA — the NRA just happened to get hit," he told CBS News. "You never know, though."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
US and Israel join forces to fight ransomware
ransomware

US and Israel join forces to fight ransomware

15 Nov 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022