A ransomware gang thought to be based in Russia has claimed responsibility for hacking into systems belonging to the National Rifle Association and leaking data to the dark web.
It's not known how much, if any, data the gang has collected from the organization, but members of the infosec community have already posted screenshots of the leaked data to Twitter.
These files show data related to the various grants the NRA has awarded in recent years, according to reports by the Associated Press.
The ransomware group, known as Grief, claims to have posted 13 files to its website, and has threatened to release more if the NRA refuses to pay a ransom, according to an NBC report, although it's currently unclear how large this ransom is.
The files, seen by NBC reporters, include a blank grant proposal form, a list of recent grant recipients, an email to a recent grant winner earlier this month, and an IRS W-9 form. The minutes of an NRA teleconference meeting held last September were also found in the files.
NRA spokesman Andrew Arulanandam took to Twitter on Wednesday to say that his organization “does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”
RELATED RESOURCE
The best defence against ransomware
How ransomware is evolving and how to defend against it
However, according to the Associated Press, a person with direct knowledge of the situation revealed the NRA had issues with its email system this week, a signal of a possible ransomware attack.
Grief is considered by many in the infosec community to be a rebrand of another ransomware group known as Evil Corp. Evil Corp is currently under sanctions by the U.S. Treasury Department, following the theft of more than $100 million from banks and other financial institutions across 40 countries.
According to Allan Liska, a ransomware analyst at the cyber security firm Recorded Future, the two groups are one and the same. Liska added that it is highly unusual for political groups, such as the NRA, to be targets of a ransomware attack.
"It's not likely that this was specifically targeted at the NRA — the NRA just happened to get hit," he told CBS News. "You never know, though."
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
