The Grief Ransomware gang
The Grief ransomware gang, which has links to the well-known Russian cybercrime organization Evil Corp, revealed information related to the NRA on its leak site. This post sparked headlines and raised anxiety among the gun rights organization’s members.
The NRA Ransomware
In response to that, the NRA came up with a statement in which it doesn’t become clear whether or not they had been targeted by ransomware.
On Wednesday, NRA Public Affairs director Andrew Arulanandam, posted on Twitter to assure members that the organization is applying robust measures to protect the data of its members.
In his post, the director says that NRA does have a policy to discuss about the security of its facilities, both physical and digital ones. He assures, however that the NRA goes to great lengths to protect the personal information of its members, contributors, and employees.
Earlier the same day, the Grief ransomware gang posted it its data leak site that it has 13 files from the NRA’s databases. Cybersecurity experts immediately started commenting about the event on their blogs. According to an analysis of the disclosed records, they include minutes and grant documentation from a recent NRA board meeting. The cybercriminals included a threat of future leaks if the NRA didn’t pay an unspecified amount of ransom money.
To make matters worse, in 2019 the US Treasury Department sanctioned Evil Corp, meaning the NRA would have to get approval before paying any ransom.
According to researchers that have been keeping an eye on Grief’s activity in 2021, a lot of the gang’s efforts were spent attacking educational systems and municipal governments throughout the United States particularly those in New York, Alabama, Texas, Washington and Mississippi.
In relation to the potential threat, NRA members are advised to take precautions and avoid any negative consequences that might arise from this data compromise. Moreover, there is no assurance that Grief will delete the stolen material even if the NRA pays the ransom.
Researchers are concerned that cybercriminals may exploit tax forms included in the data leak to commit tax fraud. Therefore, they advise users to plan ahead of time and watch out for unauthorized tax filers.
Evil Corp is an active threat actor that has been linked to another major ransomware attack from the last week on Sinclair Broadcast Group, which owns and operates hundreds of US news stations.