NRA responds to reports of Grief ransomware attack

The gun rights organization would not confirm or deny whether they had been hit with a ransomware attack.

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

The National Rifle Association (NRA) has released a statement today after a ransomware gang claimed to have attacked the organization. 

The Grief ransomware gang -- which has ties to the prolific Russian cybercrime group Evil Corp -- posted about the NRA on its leak site, setting off hours of headlines and concerns from group members. 

By Wednesday afternoon, NRA Public Affairs managing director Andrew Arulanandam took to Twitter to say the group is doing what it can to protect the data of its members.

"NRA does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations -- and is vigilant in doing so." Arulanandam said. 

Cybersecurity researchers began posting about the incident on Wednesday after Grief said it had 13 files allegedly from the NRA's databases. Analysis of the released documents shows it is minutes from a recent NRA board meeting as well as documents related to grants. It threatened to leak more files if the NRA did not pay an undisclosed ransom. 

fcub6ecx0a8qsvy.png

Brett Callow

The NRA will be faced with a difficult decision considering Evil Corp was sanctioned by the US Treasury Department in 2019, meaning the gun rights group would have to ask permission before paying any ransom. 

The rules were pushed following an attack on Garmin, a tech wearables company that was hit by the WastedLocker ransomware. WastedLocker is another ransomware group with purported links to Evil Corp. Evil Corp was implicated in a wide-ranging ransomware attack last week on Sinclair Broadcast Group, which controls hundreds of news stations in the US. 

Grief has spent much of 2021 attacking school districts and local governments across the US, including ones in New York, Alabama, Mississippi, Indiana, Washington and Texas, according to Comparitech. 

Paul Bischoff, privacy advocate at Comparitech, said NRA members should take steps to protect themselves from any repercussions that might arise as a result of this breach. 

"A gun won't help. Even if the NRA pays the ransom, there is no guarantee that Grief will destroy the stolen data," Bischoff said. 

"The inclusion of tax forms is particularly concerning because cybercriminals can use them to perpetrate tax fraud. Be sure to file taxes early and make sure no one else files in your name. Grief has led several attacks in the US against targets in government, healthcare, and education."