NRA hit by Russian-linked ransomware attack: reports

Getty Images

The National Rifle Association (NRA) has been hit by a ransomware attack, becoming the latest victim of a massive spike in these attacks this year, according to multiple reports Wednesday.

NBC News reported that a Russian cybercriminal group known as Grief posted files on its website on the dark web on Wednesday that it claimed to have stolen from the NRA.

Experts told NBC News that Grief was likely a rebrand of the cyber criminal group Evil Corp, which was linked last week to the ransomware attack on Sinclair Broadcast Group. 

Multiple U.S. federal agencies took action against the group in 2019 after it was accused of using malware to steal more than $100 million from hundreds of banks and financial entities in over 40 countries, which included sanctioning the group.

Allan Liska, a senior intelligence analyst at cybersecurity group Recorded Future, told The Hill that there was “significant code overlap” between ransomware used by Grief and the variant used by Evil Corp.

“Recorded Future has seen Evil Corp launch multiple ransomware variants over the last year,” Liska told The Hill Wednesday. “This is likely because Evil Corp is a sanctioned entity by the United States; therefore, paying a ransom may result in a fine.”

“By launching multiple variants, Evil Corp is attempting to confuse victims and trick them into paying a sanctioned entity,” Liska said. 

The NRA tweeted out a statement from Andrew Arulanandam, the managing director of Public Affairs at the NRA, Wednesday afternoon reiterating its security. 

“NRA does not discuss matters relating to its physical or electronic security,” Arulanandam said. “However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.” 

The NRA did not respond to requests for further comment on the hack from The Hill. The Cybersecurity and Infrastructure Security Agency (CISA) referred The Hill to the NRA for comment. 

Liska pointed to the NRA as being an easy target because of its lack of focus on security over the last year amid escalating legal disputes. 

“Given the legal and leadership troubles that the NRA has had this year, their security team, like much of the organization right now, is likely in disarray,” Liska said. “This type of disarray makes an organization more susceptible to cyber attacks, especially ransomware.”

Ransomware attacks have shot up over the past year, to the point that they have become a national security issue that the Biden administration has taken steps to confront. 

Russia has come under pressure to crack down on cybercriminal gangs within its borders, with various groups linked to ransomware attacks this year on Colonial Pipeline, meat producer JBS USA and the IT company Kaseya, among many others. The latter two attacks were both linked to the cybercriminal group REvil.

A coalition of federal agencies last week forced REvil offline.

-Updated at 4:50 p.m. 

Tags CISA NRA Ransomware attack Russia

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.