Files from what appears to be from the The National Rifle Association (NRA) have been posted to the dark web by Russian hacking group Grief Gang. On October 27, Grief posted 13 files to its website, claiming they had been stolen from the NRA, though it failed to detail the actual alleged attack.
What is Grief?
Grief is a relatively new hacking group likely based in Russia. Industry analysts believe them to be either affiliated with or part of
Evil Corp, another Russian cybercriminal organization. This group was sanctioned in 2019 by the United States government after stealing $100 million from hundreds of banks and other financial targets. In this most recent attack, reports indicate that Grief was attempting to install ransomware on the firearm organizations servers, and were able to steal files.
What Did Grief Leak?
The Associated Press reviewed the leaked documents and revealed they were connected to grants awarded by the
NRA, a W-9 form and minutes from an internal September teleconference meeting.
Grief is intending to leak more of the organization's information if they aren't compensated, although NBC reports that the group hasn't said how much.
Why was the NRA targeted?
The Russian ransomware group first appeared in May and has been pursuing targets since, with the NRA being their latest target.
It's rare for a politically engaged organization like the NRA to be targeted by ransomware gangs, according to Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future. He insisted there's no proof the attack was politically motivated and ransomware gangs mainly target susceptible technology rather than companies.
The attacks come at a time when NRA executives appear to be infighting and after the organization filed for bankruptcy earlier this year. Several lawsuits have also been levied at the NRA recently, including from the
New York Attorney General for fraud. Liska added that these events may prove distracting for security teams in the organization, citing them as a potential reason for Grief’s targeting of the NRA.
How did the NRA respond?
The NRA did not respond quickly to a request for comment. However,
CBS News reported that, a source with direct knowledge of the situation who was not allowed to discuss the topic publicly and spoke on the condition of anonymity shares that the NRA has been experiencing issues with its email system this week, which might be a symptom of a ransomware assault.
Andrew Arulanandam, managing director of NRA Public Affairs issued a message on Twitter in response to the event.
"The NRA does not speak about its physical or cyber security. The NRA, on the other hand, takes great precautions to safeguard information about its members, contributors, and activities – and is diligent in doing so."
Ransomware assaults have increased in recent years against a wide range of businesses and groups throughout the world, from the largest gasoline pipeline in the United States to Ireland's national health care, but few are as politically sensitive as the NRA.
President Joe Biden put pressure on Russia’s President Vladimir Putin over the summer to curb
ransomware attacks from Russian cybercriminal gangs.