On the dark web, a well-known Russian cybercriminal gang has posted files that claim to be from the National Rifle Association.
Grief, a hacking collective, posted 13 files to its website on Wednesday, claiming to have hacked the NRA. It has threatened to reveal more files if it is not paid, however it has not stated how much it will cost.
Grief, like many other ransomware groups, frequently uploads a few files stolen from a victim in an attempt to elicit a ransom payment.
Paying a ransomware hacker is risky in general, but Grief is particularly tricky. Grief, according to most cybersecurity experts, is a renamed effort by a group of Russian cybercriminals known as Evil Corp, which is now sanctioned by the US Treasury Department.
Allan Liska, a ransomware analyst with cybersecurity firm Recorded Future, said, “It’s the same group.”
NRA issued a tweet in which it stated that it “does not discuss matters relating to its physical or electronic security,” and that it “takes extraordinary measures to protect information regarding its members, donors, and operations.”
“NRA does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”–Andrew Arulanandam, managing dir., NRA Public Affairs
— NRA (@NRA) October 27, 2021
Grief, although being a criminal syndicate, isn’t renowned for faking when it says an organisation has been hacked, according to Brett Callow of cybersecurity firm Emsisoft, who analyses ransomware gangs.
“I’m not aware of any incidents in which Grief/Evil Corp has attempted to take credit for other operations’ attacks,” Callow said.
The majority of the documents are related to NRA grants. There are blank grant request forms, a list of recent award beneficiaries, an email sent earlier this month to a recent grant winner, and a W-9 form among them. The minutes of a Sept. 24 NRA teleconference meeting are also included in the leak.
Ransomware has been a persistent menace in recent years, with cybercriminals, many of whom are headquartered in or around Russia, constantly hacking businesses, schools, police agencies, and other organisations.
Despite the White House’s efforts to strengthen US defences, ransomware remains a lucrative criminal activity. According to Emsisoft, it cost about $75 billion in damages globally last year.
Russian ransomware hackers have yet to make “any significant, material changes” to their repeated operations against American organisations, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.
Following the FBI’s alleged takedown of one large ransomware group on Friday, numerous others threatened revenge and threatened to attack the United States.