The Grief ransomware gang claims to have attacked the National Rifle Association (NRA) and released stolen data as proof of the attack.
Today, the ransomware gang added the NRA as a new victim on their data leak site while displaying screenshots of Excel spreadsheets containing US tax information and investment amounts.
The threat actors also leaked a 2.7 MB archive titled ‘Nationwide Grants.zip,’ which we have been told contains alleged NRA grant applications.
NRA entry on the Grief ransomware data leak site
Earlier this morning, BleepingComputer contacted the NRA several times, including speaking to the NRA’s Director of Communications Amy Hunter, but did not receive any answers regarding the alleged attack.
The NRA later published a statement saying they do not comment on the physical or digital security of their organization.
“NRA doesn’t focus on issues referring to its bodily or digital safety. Nonetheless, the NRA takes extraordinary measures to guard data relating to its members, donors, and operations – and is vigilant in doing so.” – Andrew Arulanandam, managing dir., NRA Public Affairs.
Grief tied to Russian hacking group
The Grief ransomware gang is believed to be tied to a Russian hacking group known as Evil Corp.
Evil Corp has been active since 2009 and has been involved in numerous malicious cyber activities, including the distribution of the Dridex trojan to steal online banking credentials and steal money.
The hacking group turned to ransomware in 2017, when they released ransomware known as BitPaymer. BitPaymer later morphed into the DoppelPaymer ransomware operation in 2019.
After years of attacking US interests, the US Department of Justice charged members of Evil Corp with stealing over $100 million and added the hacking group to the Office of Foreign Assets Control (OFAC) sanction list.
Soon after, the US Treasury warned that ransomware negotiators might face civil penalties for facilitating ransom payments to gangs on the sanction list.
Since then, Evil Corp has been routinely releasing new ransomware strains under different names to evade US sanctions. These ransomware families include WastedLocker, Hades, Phoenix CryptoLocker, PayLoadBin, and, more recently, the Macaw Locker.
However, their original ransomware, DoppelPaymer, ran for years under the same name until May 2021, when they stopped listing new victims on their data leak site.
One month later, the Grief ransomware gang emerged, with security researchers believing it to be a rebrand of DoppelPaymer based on code similarities.
As Grief is linked to Evil Corp, it is likely that ransomware negotiators will not facilitate ransom payments without the victim first getting approval from OFAC.