A Russian cybercriminal group claimed on Wednesday that it successfully hacked the National Rifle Association (NRA).
According to NBC News, the hackers, collectively known as “Grief,” posted what are apparently 13 NRA files on the dark web on Wednesday. The group is threatening to make more files public if they are not paid a ransom, but it is unknown how much they are demanding.
The files reviewed by NBC News are largely about NRA grants, including blank grant proposal forms, a list of recent grant recipients, correspondence with a recent grant winner, and a W-9 form. The hack also has the minutes from an NRA teleconference meeting on Sept. 24.
Grief is reportedly known for posting a small number of stolen files at first in an effort to get a ransom payment from the group’s victims.
Allan Liska, a ransomware analyst for the cybersecurity firm Recorded Future, believes Grief formerly operated under the name “Evil Corp,” a group of Russian cybercriminals which is now under sanctions by the U.S. Treasury Department.
“It’s the same group,” Liska said.
On Wednesday, the NRA did not directly address the reported hack, but the pro-Second Amendment group did write on Twitter that it “takes extraordinary measures” to protect members’ information.
“’NRA does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.’ –Andrew Arulanandam, managing dir., NRA Public Affairs,” the NRA tweeted.
Brett Callow, who tracks ransomware organizations for the cybersecurity company Emsisoft, said Grief usually isn’t bluffing when it comes to ransomware attacks.
“I’m not aware of any incidents in which Grief/Evil Corp has attempted to take credit for other operations’ attacks,” Callow said.
Emsisoft found that ransomware attacks cost roughly $75 billion in damages globally last year, despite enhanced efforts to improve cyber defenses. Many of the cybercriminal gangs based in and around Russia have made ransomware a consistent threat by frequently hacking businesses, schools, law enforcement and a number of other organizations.
Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly recently said Russian cybercriminals have not made “any significant, material changes” to their constant attacks targeting Americans.
In July, President Joe Biden spoke to Russian leader Vladimir Putin to address suspected Russian-linked cyberattacks on the U.S. and 16 other nations, and warned that the U.S. will “take any necessary action” to defend itself.