A cybercrime gang claims to have stolen data from U.S. gun rights advocacy group National Rifle Association (NRA).
In response to the claims, the NRA said it “does not discuss matters relating to its physical or electronic security.” The organization noted that it “takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”
The threat actor that claims to have breached NRA systems has been using the Grief ransomware to make a profit. In addition to encrypting victims’ files, the group has a Tor-based website where they threaten to leak stolen information if a ransom is not paid. In some cases the cybercriminals appear to have followed through with their threats.
The hackers have so far made public tens of files allegedly taken from the NRA, including financial reports, documents related to the NRA Foundation’s national grants, as well as House and Senate endorsement letters for the 2016 elections.
It’s unclear how much money the Grief ransomware operators hope to obtain from the NRA.
“Data leaks and extortion have become an increasingly common tactic among ransomware groups. With increasing awareness and an abundance of security and backup options to help companies recover their data after an attack, it makes sense that attackers would shift their methods as a response,” commented Jonathan Tanner, senior security researcher at Barracuda.
Tanner added, “This method can lead to customers’ data being exposed, confidentiality being broken, and even public embarrassment, either if the company may have wanted to handle it quietly or if leaked documents contain information of conversations or actions that were less than above board.”
The Grief ransomware emerged in May 2021 and it’s said to be a rebranding of the ransomware known as DoppelPaymer. The hackers are believed to be operating out of Russia.
Related: Maryland Officials Warn Gun Dealers About Phishing Scams
Related: Roommate of Woman Accused of Hacking Pleads to Having Guns