No Reaction From The NRA On Accusations Of A Russian Ransomware Gang Attack

No Reaction From The NRA On Accusations Of A Russian Ransomware Gang Attack

The Grief ransomware group claims to have hacked the NRA (National Rifle Association) and released stolen data as proof.

The NRA was listed as a new victim on the ransomware gang’s data dump site today, along with pictures of Excel files revealing US tax data and investment amounts.

The threat actors also published a 2.7 MB package called ‘National,’ comprising bogus NRA grant applications.

The NRA later tweeted that they do not comment on their organization’s physical or cybersecurity.

The Grief ransomware gang is said to be linked to Evil Corp, a Russian hacker group. Since 2009, Evil Corp has been involved in various criminal cyber operations, including the spread of the Dridex virus to steal online banking details and money.

In 2017, the hacker gang switched to ransomware, releasing the BitPaymer malware. BitPaymer was later renamed DoppelPaymer in 2019.

The US Dept. of Justice accused members of the Evil Corp of stealing over $100 million and adding the hacking organization to the Office of Foreign Assets Control (OFAC) sanction list after years of assaulting US interests.

Soon after, the US Treasury warned that ransomware negotiators might face civil penalties if they helped groups on the blacklisted list make ransom payments.

To avoid US sanctions, Evil Corp has been spreading new ransomware strains under different identities regularly since then. WastedLocker, Hades, Phoenix CryptoLocker, PayLoadBin, and, more recently, the Macaw Locker are among ransomware families.

However, their initial ransomware, DoppelPaymer, was still active until May 2021, when they ceased adding new victims to their data leak website.

The Grief ransomware group appeared a month later, and security researchers believe it is a rebrand of DoppelPaymer based on code similarities. Because Grief is related to Evil Corp, ransomware negotiators are unlikely to allow ransom payments unless the victim first obtains OFAC certification.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.