Grief Ransomware Targets NRA

Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site. 

A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation.

The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its data-leak site. Brett Callow, a threat analyst with cybersecurity firm Emsisoft, posted a screenshot of Grief’s post on his Twitter account.

Grief has ties to the notorious Russian cybercriminal organization Evil Corp and has recently emerged as a growing ransomware threat.

Infosec Insiders Newsletter

The group displayed screenshots of Excel spreadsheets containing U.S. tax information and investments amounts on its leak site. They also posted a 2.7MB archive titled “National Grants.zip,” according to a report on BleepingComputer. Grief reportedly claimed that the archive contains NRA grant applications.

NRA Won’t Comment

The NRA is a civil rights group aimed at protecting people’s second-amendment rights, or the right to bear arms. The group has long come under political criticism from those aiming to curtail gun violence in the U.S. for its stance against stricter gun-control laws even amid escalating firearm-related crime and mortality rates.

The NRA has decided to remain mum on Grief’s claims for now. The organization posted a statement attributed to NRA Managing Director Andrew Arulanandam on its Twitter account, asserting that it “does not discuss matters relating to its physical or electronic security.”

“However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so,” according to the statement.

Noting that “It’s hard to shoot your way out of a cyberattack,” one security expert suggested that the NRA may not have gone far enough in taking defensive security measures to protect its sensitive data.

“It’s always better to prevent a successful ransomware attack than respond to one,” Tim Erlin, VP of Strategy at cybersecurity firm Tripwire, wrote in an email to Threatpost. “Ensuring that systems are securely configured, that vulnerabilities are patched, and that users are as well trained as possible to spot phishing attempts can go a long way to making the attacker’s job more difficult.”

Shifting Tactics?

These days, ransomware groups have become increasingly aggressive and successful at disrupting numerous high-profile companies and critical-infrastructure entities. Experts observed that Grief’s chances of pulling off a ransomware attack on the NRA are likely, even if the organization chooses not to disclose details or acknowledge the incident at this time.

In fact, perhaps it was the group’s handling of the matter that inspired Grief to disclose the attack before the NRA remediated the situation on its own, suggested another security expert. Ransomware groups often disclose data on their websites if a targeted organization refuses to pay ransom after a certain period of time.

“With increasing awareness and an abundance of security and backup options to help companies recover their data after an attack, it makes sense that attackers would shift their methods as a response,” observed Jonathan Tanner, senior security researcher at enterprise security firm Barracuda, in an email to Threatpost. “This method can lead to customers’ data being exposed, confidentiality being broken, and even public embarrassment.”

This can be the case particularly if the targeted organization “may have wanted to handle the incident quietly or if leaked documents contain information of conversations or actions that were less than above board,” he added.

Check out our free upcoming live and on-demand online town halls – unique, dynamic discussions with cybersecurity experts and the Threatpost community.

Suggested articles