Ransomware gang claims to have hacked the NRA

News
By Rene Millman
published

“Grief" gang says it has already leaked some of its stolen data to the dark web

Handguns placed on a US flag beside the logo for the National Rifle Association

A ransomware gang thought to be based in Russia has claimed responsibility for hacking into systems belonging to the National Rifle Association and leaking data to the dark web.

It's not known how much, if any, data the gang has collected from the organization, but members of the infosec community have already posted screenshots of the leaked data to Twitter.

Garmin ‘paid multi-million dollar ransom’ via Arete IR intermediaries BlackMatter ransomware victims reclaim data using secret decryptor Two-thirds of organizations have fallen victim to ransomware

These files show data related to the various grants the NRA has awarded in recent years, according to reports by the Associated Press.

The ransomware group, known as Grief, claims to have posted 13 files to its website, and has threatened to release more if the NRA refuses to pay a ransom, according to an NBC report, although it's currently unclear how large this ransom is.

The files, seen by NBC reporters, include a blank grant proposal form, a list of recent grant recipients, an email to a recent grant winner earlier this month, and an IRS W-9 form. The minutes of an NRA teleconference meeting held last September were also found in the files.

NRA spokesman Andrew Arulanandam took to Twitter on Wednesday to say that his organization “does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”

RELATED RESOURCE

The best defence against ransomware

How ransomware is evolving and how to defend against it

FREE DOWNLOAD

However, according to the Associated Press, a person with direct knowledge of the situation revealed the NRA had issues with its email system this week, a signal of a possible ransomware attack.

Grief is considered by many in the infosec community to be a rebrand of another ransomware group known as Evil Corp. Evil Corp is currently under sanctions by the U.S. Treasury Department, following the theft of more than $100 million from banks and other financial institutions across 40 countries.

According to Allan Liska, a ransomware analyst at the cyber security firm Recorded Future, the two groups are one and the same. Liska added that it is highly unusual for political groups, such as the NRA, to be targets of a ransomware attack.

"It's not likely that this was specifically targeted at the NRA — the NRA just happened to get hit," he told CBS News. "You never know, though."

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.