Last year, the National Rifle Association — champion of gun-toting maniacs worldwide, admitted it was hacked by cybercriminals. The organization's political action committee (PAC) confirmed the attack in a filing to the Federal Election Commission on Friday.
Last October, a ransomware group known as "Grief" boasted to the digital underworld about hacking into the gun lobby's networks and stealing critical internal papers. It released screenshots of documents it claimed to be stolen during the event. The NRA did not confirm or deny it had been hacked at the time.
"The National Rifle Association does not talk about its physical or electronic security. The NRA, on the other hand, takes exceptional precautions to safeguard information about its members, funders, and operations, and is extremely cautious in doing so." Andrew Arulanandam, managing director of NRA Public Affairs.
The NRA was added as a new victim on the ransomware gang's data site today, along with pictures of Excel spreadsheets revealing US tax information and transaction amounts.
The threat actors also published a 2.7 MB archive called 'National Grants.zip,' which comprises bogus NRA grant applications. After Grief claimed it obtained 13 files supposedly from the NRA's databases, security researchers began posting about the breach on Wednesday. According to an analysis of the documents supplied, it included records from a recent NRA board meeting as well as grant documents. If the NRA did not pay an undisclosed ransom, it threatened to release more files.
The Grief ransomware group is believed to be linked to Evil Corp, a Russian hacking group. Evil Corp has been active since 2009 and has been involved in a variety of destructive cyber activities, including the spread of the Dridex trojan, which was used to steal online banking credentials and money.
In 2017, the hacking gang published BitPaymer, ransomware which was later renamed DoppelPaymer in 2019. The US Department of Justice charged members of the Evil Corp with stealing more than $100 million and adding the cyber group to the Office of Foreign Assets Control (OFAC) sanction list after years of attacking US interests.
Soon after, the US Treasury cautioned ransomware negotiators may face civil penalties if anyone helped gangs on the blacklisted list get ransom payments. To avoid US sanctions, Evil Corp has been spreading new ransomware strains under different identities on a regular basis since then.WastedLocker, Hades, Phoenix CryptoLocker, PayLoadBin, and, quite recently, the Macaw Locker are among the ransomware families.
NRA members should take precautions to protect themselves from any penalties which may occur as a result of this breach, according to Paul Bischoff, a privacy advocate at Comparitech. With the Grief ransomware group emerging, security researchers believe it is another version of DoppelPaymer due to the code similarities. Because Grief is related to Evil Corp, ransomware negotiators are unlikely to allow ransom payments unless the victim first obtains OFAC certification.
