Ransomware gang says it targeted National Rifle Association
A ransomware gang believed to operate out of Russia says it's hacked the National Rifle Association
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A ransomware gang believed to operate out of Russia says it hacked the National Rifle Association the most powerful gun-rights group in the United States
The gang, which calls itself Grief, published a handful of what appear to be the NRA files on a dark web site. The files, reviewed by The Associated Press, relate to grants the NRA has awarded. Ransomware gangs often post a victim’s files publicly in hopes of spurring them to pay out a ransom.
The NRA did not immediately return a request for comment. But a person with direct knowledge of the situation who was not authorized to discuss the matter publicly and spoke on condition of anonymity, said the NRA has had problems with its email system this week — a potential sign of a ransomware attack.
Ransomware attacks have spiked in recent years against all manner of companies and organizations, but rarely are the targets as politically sensitive as the NRA. The group has long enjoyed close ties to top Republican lawmakers and been a been a major supporter of Republican candidates. The NRA spent tens of millions of dollar in the past two presidential elections trying to help Donald Trump.
The group has been beset by legal and financial troubles in recent years but remains a potent force politically and has more than 5 million members.
Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said it's highly unusual for a politically active group such as the NRA to be targeted by ransomware gangs, but he said there is no evidence the attack was politically motivated. He said ransomware gangs usually do not target organizations, but vulnerable technologies.
“It's not likely that this was specifically targeted at the NRA, the NRA just happened to get hit," he said. “You never know, though.”
Liska said the email problems could be related to the ransomware attack. He said email systems are top targets of ransomware gangs because they often contain sensitive information and hamper an organization's response to an attack, further incentivizing them to pay a ransom.
Spokespeople for the FBI did not immediately return a message seeking comment.
Greif is believed by many cybersecurity experts to be linked to Evil Corp, a ransomware gang that was previously active. The U.S. Treasury Department imposed sanctions on the group in 2019, saying it had stolen more than $100 million from banks and financial institutions in 40 countries.
U.S. and Russian ties have already been strained this year over a string of high-profile ransomware attacks against American targets launched by Russia-based cyber gangs. President Joe Biden has warned Russian President Vladimir Putin in an effort to get him to crack down on ransomware criminals, but several top Biden administration cybersecurity officials have said recently that they have seen no evidence of that.
____
Associated Press writer Eric Tucker in Washington contributed to this report.