NRA Refuses to Confirm Ransomware Hacking Reports

• The comparison
• Computer Technology
• NRA Refuses to Confirm Ransomware Hacking Reports

The National Rifle Association (NRA) issued a statement saying it is against its policy to discuss security issues a day after a ransomware gang claimed to have attacked the organization. Brett Callow, a threat analyst at Emisoft, creator of a popular anti-malware solution capable of thwarting such attacks, was one of the first to discover that the Grief ransomware had listed the NRA as its victim. The complaint is said to have ties to the notorious Evil Corp cybercrime syndicate. “The NRA does not discuss matters relating to your physical or electronic security. However, the NRA takes extraordinary measures to protect information about its members, donors and operations, and is vigilant in doing so,” said Andrew Arulanandam, MD, NRA Public Affairs, via a statement shared on Twitter. According to cybersecurity researchers, Grief, like many ransomware operators, released a handful of files that he had exfiltrated from the NRA, as part of his double extortion shenanigans, to back up his claim that the organization had indeed been breached.

Keyboard in a shootout

ZDNet claims that an analysis of these documents reveals that some are minutes from a recent NRA board meeting, while others are grant-related, including a list of recent NRA grant recipients. The complaint threatened to release more files if the NRA did not pay the undisclosed ransom. While paying a ransomware operator is a tricky prospect, it's even trickier in the case of Grief. If the NRA decides to go ahead, it will need to clear a few more hurdles, as Evil Corp has been sanctioned by the US Treasury Department since 2019, meaning any commitments and payments will need to seek department approval. Paul Bischoff, privacy advocate at Comparitech, told ZDNet that it's up to individual NRA members to protect themselves from any repercussions that may arise as a result of this breach by using services like Identity Theft Protection. "A gun won't help. Even if the NRA pays the ransom, there's no guarantee Grief will destroy the stolen data," Bischoff warned.