A ransomware group tied to Russia claims to have stolen data from the US National Rifle Association (NRA) in a NRSa ransomware attack on the controversial gun-rights group, which has declined to comment on the situation.
‘Grief’, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group & has posted files on its dark web site.
The Grief ransomware gang listed the NRA as a victim of its malicious activity on its data-leak site. Brett Callow, a threat analyst with cyber-security firm Emsisoft, posted a screenshot of Grief’s post on his Twitter account.
Grief = Evil Corp.
Grief claims to have hit the NRA. Grief = Evil Corp. pic.twitter.com/VGdwINcA6P
— Brett Callow (@BrettCallow) October 27, 2021
Grief has ties to the notorious Russian cyber-criminal organisation Evil Corp & has recently emerged as a growing ransomware threat.
The group displayed screenshots of Excel spreadsheets containing US tax information & investments amounts on its leak site. They also posted a 2.7Mb archive titled “National Grants.zip,” according to a report on Bleeping Computer. Grief reportedly claimed that the archive contains NRA grant applications.
NRA – ‘No Comment’
The NRA is a group aimed at protecting people’s US 2nd-amendment rights, or the right to bear arms.
The group has long come under political criticism from those aiming to curtail gun violence in the US. for its hard-line stance & ruthless tactics against stricter gun-control laws, even amid escalating firearm-related crime & mortality rates in the country.
This attack is the last thing the NRA needed with a current background of financial problems, & an ongoing fraud lawsuit against long-time CEO Wayne LaPierre.
Extraordinary Measures
The NRA has decided to remain silent on Grief’s claims so far. The organisation posted a statement attributed to NRA Managing Director Andrew Arulanandam on its Twitter account, asserting that it “does not discuss matters relating to its physical or electronic security.”
“However, the NRA takes extraordinary measures to protect information regarding its members, donors, & operations & is vigilant in doing so,” according to the statement.
‘Shoot Your Way Out’
Noting dryly that “It’s hard to shoot your way out of a cyber-attack,” 1 security expert suggested that the NRA may not have gone far enough in taking defensive security measures to protect its sensitive data.
“It’s always better to prevent a successful ransomware attack than respond to one,” Tim Erlin, VP of Strategy at cyber-security firm Tripwire, wrote.
“Ensuring that systems are securely configured, that vulnerabilities are patched, & that users are as well trained as possible to spot phishing attempts can go a long way to making the attacker’s job more difficult.”
Shifting Tactics?
Today, ransomware groups have become increasingly aggressive & successful at disrupting numerous high-profile companies & critical-infrastructure entities. Experts observed that Grief’s chances of pulling off a ransomware attack on the NRA are likely, even if the organisation chooses not to disclose details or acknowledge the incident at all currently.
Perhaps it was the group’s handling of the matter that inspired Grief to disclose the attack before the NRA remediated the situation on its own, suggested another security expert. Ransomware groups often disclose data on their websites if a targeted organisation refuses to pay ransom after a certain period of time.
“With increasing awareness and an abundance of security and backup options to help companies recover their data after an attack, it makes sense that attackers would shift their methods as a response,” observed Jonathan Tanner, Senior Security Researcher at enterprise security firm Barracuda.
Quietly
“This method can lead to customers’ data being exposed; confidentiality being broken, & even public embarrassment.”
This can be the case particularly if the targeted organisation “may have wanted to handle the incident quietly or if leaked documents contain information of conversations or actions that were less than above board,” he concluded.
https://www.cybernewsgroup.co.uk/virtual-conference-november-2021/