US National Rifle Association falls victim to Grief ransomware attack

Operators of the Grief ransomware claim to have attacked the American National Rifle Association (NRA). As proof of their claim, the hackers published data stolen from the NRA.

On its darknet website, the group has posted screenshots of Excel spreadsheets showing tax and investment information, as well as the minutes of the board meeting. In addition, the attackers published a 2.7 MB archive called National Grants.zip, which contains applications for NRA grants. Hackers traditionally threaten to release more data if they are not paid a ransom.

NRA representatives have not commented on the incident. They only stated on Twitter that they do not comment on issues “related to physical or electronic security”, and gave assurances that they are “taking extraordinary measures to protect information regarding members, donors and operations of the NRA.”

It is not yet clear whether the ransomware hit the central office of the NRA or whether a regional branch became the victim of the hackers. It is also worth noting that many experts are perplexed by this hack, because the National Rifle Association recently filed for bankruptcy and it is not entirely clear how the NRA could pay a ransom to the attackers.

Moreover, the Grief ransomware is a rebranding of another piece of malware, DoppelPaymer, and both of these ransomware families are associated with the well-known hack group Evil Corp. Back in 2019, the US authorities imposed sanctions on 24 organizations and individuals associated with this hacking group. As a result, the negotiation firms that usually handle ransom payments and data decryption with extortionists on victims' behalf refused to “work” with Evil Corp to avoid fines and lawsuits from the US Treasury Department.

In response, Evil Corp began renaming its malware and masking its operations to avoid sanctions. For example, the group’s arsenal includes such ransomware as WastedLocker, Hades, Phoenix, PayloadBIN, DoppelPaymer (now Grief, or Pay or Grief) and Macaw. However, given the sanctions, any companies and organizations in the United States must obtain Treasury approval before transferring money to organizations and individuals associated with Evil Corp.
