RICHMOND, Va. (AP) – A ransomware gang believed to operate from Russia has said it hacked the National Rifle Association, the most powerful gun rights group in the United States.
The gang, who call themselves Grief, posted a handful of what appear to be the NRA files on a dark website. The files, reviewed by the Associated Press, relate to grants awarded by the NRA. Ransomware gangs often post a victim’s files in hopes of luring them into paying a ransom.
NRA spokesman Andrew Arulanandam said on Twitter that the NRA “does not discuss matters relating to its physical or electronic security” and is taking “extraordinary measures” to protect its information. A person with first-hand knowledge of the situation who was not authorized to discuss the matter publicly and spoke on condition of anonymity, said the NRA had problems with its messaging system this week – a potential sign from a ransomware attack.
Ransomware attacks have increased in recent years against all kinds of businesses and organizations, but the targets are rarely as politically sensitive as the NRA. The group has long had close ties to key Republican lawmakers and has been a big supporter of the Republican candidates. The NRA has spent tens of millions of dollars in the last two presidential elections trying to help Donald Trump.
The group has been plagued by legal and financial woes in recent years, but remains a powerful political force with over 5 million members.
Allan Liska, intelligence analyst at cybersecurity firm Recorded Future, said it was highly unusual for a politically active group such as the NRA to be the target of ransomware gangs, but he said there was no had no evidence that the attack was politically motivated. He said ransomware gangs typically don’t target organizations, but vulnerable technologies.
“It is unlikely that this was specifically aimed at the NRA, the NRA has just been affected,” he said. “You never know, however.”
Liska said the email issues could be related to the ransomware attack. He said that messaging systems are the primary targets of ransomware gangs because they often contain sensitive information and hamper an organization’s response to an attack, further inducing them to pay ransom.
FBI spokespersons did not immediately return a message seeking comment.
Many cybersecurity experts believe Greif is linked to Evil Corp, a ransomware gang that was previously active. The US Treasury Department imposed sanctions on the group in 2019, saying it had stolen more than $ 100 million from banks and financial institutions in 40 countries.
Relations between the United States and Russia have already been strained this year due to a series of high-profile ransomware attacks against American targets launched by Russian-based cyber gangs. President Joe Biden has warned Russian President Vladimir Putin of trying to crack down on ransomware criminals, but several senior cybersecurity officials in the Biden administration recently said they had not seen any proof of that.
Suggest a correction