Ransomware gang says it hacked the National Rifle Association
A ransomware gang believed to operate out of Russia says it hacked the National Rifle Association, the most powerful gun-rights group in the United States.
The gang, which calls itself Grief, published a handful of what appear to be the NRA files on a so-called dark web site. The files, reviewed by The Associated Press, relate to grants the NRA has awarded. Ransomware gangs often post a victim's files publicly in hopes of spurring them to pay out a ransom.
The NRA did not immediately return a request for comment. But a person with direct knowledge of the situation who was not authorized to discuss the matter publicly and spoke on condition of anonymity said the NRA has had problems with its email system this week — a potential sign of a ransomware attack.
Ransomware attacks have spiked in recent years against all manner of companies and organizations, but rarely are the targets as politically sensitive as the NRA. The group has long enjoyed close ties to top Republican lawmakers and been a been a major supporter of Republican candidates. The NRA spent tens of millions of dollar in the past two presidential elections trying to help Donald Trump.
The group has been beset by legal and financial troubles in recent years but remains a potent force politically and has more than 5 million members.
Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said it's highly unusual for a politically active group such as the NRA to be targeted by ransomware gangs, but he said there is no evidence the attack was politically motivated. He said ransomware gangs usually do not target organizations, but rather vulnerable technologies.
"It's not likely that this was specifically targeted at the NRA — the NRA just happened to get hit," he said. "You never know, though."
Email a top target
Liska said the email problems could be related to the ransomware attack. He said email systems are top targets of ransomware gangs because they often contain sensitive information and hamper an organization's response to an attack, further incentivizing them to pay a ransom.
Victims of ransomware attacks run the risk of repeat attacks, according to a report published by U.S. cybersecurity firm, Cybereason. The Boston-based firm found that 80% of organizations that previously paid ransom demands confirmed they were exposed to a second attack, according to a commissioned survey of 1,263 cybersecurity professionals in varying industries from the U.S., United Kingdom, Spain, Germany, France, United Arab Emirates and Singapore.
Spokespeople for the FBI did not immediately return a message seeking comment.
Greif is believed by many cybersecurity experts to be linked to Evil Corp, a ransomware gang that was previously active. The U.S. Treasury Department imposed sanctions on the group in 2019, saying it had stolen more than $100 million from banks and financial institutions in 40 countries.
U.S. and Russian ties have already been strained this year over a string of high-profile ransomware attacks against American targets launched by Russia-linked cyber gangs.
According to research from cybersecurity firm Analyst1, Russian intelligence services worked with prominent ransomware gangs to compromise U.S. government and government-affiliated organizations.
President Joe Biden has warned Russian President Vladimir Putin in an effort to get him to crack down on ransomware criminals, but several top Biden administration cybersecurity officials have said recently that they have yet to see evidence of that.
