National Security

Russian Ransomware Gang Claims to Have Hacked the NRA

Target Practice

The Russian ransomware gang, known as Grief Gang, emerged in May and has been actively going after targets since. The NRA might be its latest.

Wayne LaPierre testifies.
(Photo by Mark Wilson/Getty Images)

A ransomware gang believed to have Russian connections claims it just popped the National Rifle Association.

The ransomware gang, known as Grief Gang, posted files on its extortion site Wednesday that it claims to have stolen from the NRA, in an apparent attempt to pressure the NRA to pay them a ransom demand.

The file names suggest that the attackers, while targeting the NRA with ransomware—a malware meant to lock up victim computers until the victim pays a ransom—were able to steal files about “national grants" and minutes from an internal meeting.

ADVERTISEMENT

After an attempt to reach the NRA’s spokesperson’s email Wednesday, the NRA’s email server reported an error, an indication that their mail server could be down.

“I don’t have any comment,” NRA spokesperson Amy Hunter told The Daily Beast when reached by phone for comment on Wednesday.

The ransomware gang claiming to have hit the gun rights group first emerged in May and has been busy since, hitting numerous victims, Allan Liska, an intelligence analyst at security firm Recorded Future, told The Daily Beast.

The group has been particularly insistent in recent weeks that victims not contact law enforcement authorities and that they not enlist negotiating consultants to act as interlocutors between the victims and the gang, researchers say.

Grief Gang could make things particularly difficult for any victim interested in paying, as it has been linked to the operators of a group sanctioned by the U.S. Treasury Department. That gang, Evil Corp, is suspected to be linked to the attack against the Sinclair Broadcast Group in recent days.

The hit would come at a tumultuous time for the NRA, which has been dealing with infighting in its executive ranks and which filed for bankruptcy earlier this year. The New York Attorney General has also sued the NRA for fraud in recent months.

Turmoil like that at any organization makes for a ripe target for hackers looking for vulnerable targets whose attention might be strained or scattered, Liska told The Daily Beast.

“Between lawsuits and infighting amongst its leaders the NRA is already facing a number of challenges this year,” Liska said, noting the attackers might be taking advantage of the NRA’s mounting issues. “These kind of distractions have an impact on security teams and can leave organizations more vulnerable to attack.”

The Daily Beast could not independently verify the authenticity of the stolen documents that the gang indicated came from hacking the NRA.

It is not clear if the NRA had plans to pay any ransom demands, but often when victim files appear on extortion sites it is because the targets have refused to pay and the attackers want to twist victims’ arms.

Ransomware gangs, however, often like to puff up their chests on extortion sites. Some gangs have recently been posting alleged victims’ information to their sites without actually having hit them, in a ruse to make some companies nervous that they’ve been hit to the point that they pay up without having been victimized at all, The Daily Beast previously reported.

Got a tip? Send it to The Daily Beast here.