USA National Rifle Association Under Ransomware Attack
The National Rifle Association has found itself in the crosshairs of Russian hackers. The infamous guns and ammunition entity has been the unwilling recipient of the most recent ransomware attack. Analysts following the attacks stated that numerous pieces of private information were stolen and posted on the Dark Web by “Grief”.
On October 27th, 2021, the Russian ransomware group “Grief” posted a sample of data it claimed to have stolen from the National Rifle Association. While dealing with ransomware is often troublesome, “Grief” presents even more complications because it is connected to the infamous “Evil Corp” gang—which has faced US Treasury sanctions since December 2019. Because of this, even paying off “Grief” is not a good option, as the payer could face penalties.
The US government has been increasingly aggressive in imposing sanctions on cybercriminal groups. Lately, the White House has hinted at targeting other ransomware hacking groups.
The NRA has not confirmed the attack or the legitimacy of the allegedly stolen documents, which researchers say include items related to grant applications, letters of political endorsement, and apparent minutes from a recent NRA meeting. Additionally, cyber attack analysts claim the NRA’s email system went down because of a ransomware attack late last week.
By Friday, however, Grief had removed the NRA posting from its dark web site. Brett Callow, a threat analyst at antivirus company Emsisoft, warns against reading too much into this development, as it may just be a scare tactic on the part of the group. Otherwise, delisting may mean a payment took place, or the group has entered negotiations with the victims.
“Grief” itself, however, is a more complicated matter, though investigators agree that this group could be one of many fronts for “Evil Corp”.
Given the murky trail left by ransomware hackers and their malware, Grief may be a spinoff group—not Evil Corp itself. Analysts have looked into the attackers’ methods, such as the encryption file format and distribution mechanisms, to determine the group's association. In the case of Grief, the group has technical similarities to other Evil Corp–linked entities like DoppelPaymer and uses the Dridex botnet—historically Evil Corp’s signature product.