NRA hit by Russian-linked ransomware attack: reports


The National Rifle Association (NRA) has been hit by a ransomware attack, becoming the latest victim of a massive spike in these attacks this year, according to multiple reports Wednesday.

NBC News reported that a Russian cybercriminal group known as Grief posted files on its website on the dark web on Wednesday that it claimed to have stolen from the NRA.

Experts told NBC News that Grief was likely a rebrand of the cybercriminal group Evil Corp, which was linked last week to the ransomware attack on Sinclair Broadcast Group.

Multiple U.S. federal agencies took action against the group in 2019, including sanctioning it, after it was accused of using malware to steal more than $100 million from hundreds of banks and financial entities in over 40 countries.

Allan Liska, a senior intelligence analyst at cybersecurity group Recorded Future, told The Hill that there was “significant code overlap” between ransomware used by Grief and the variant used by Evil Corp.

“Recorded Future has seen Evil Corp launch multiple ransomware variants over the last year,” Liska told The Hill Wednesday. “This is likely because Evil Corp is a sanctioned entity by the United States; therefore, paying a ransom may result in a fine.”

“By launching multiple variants, Evil Corp is attempting to confuse victims and trick them into paying a sanctioned entity,” Liska said. 

The NRA did not respond to The Hill’s request for comment, with The Hill unable to reach the organization via phone or email. The Daily Beast was told by a spokesperson Wednesday that the NRA had no comment. 

The Cybersecurity and Infrastructure Security Agency (CISA) declined to comment.

Liska pointed to the NRA as being an easy target because of its lack of focus on security over the last year amid escalating legal disputes. 

“Given the legal and leadership troubles that the NRA has had this year, their security team, like much of the organization right now, is likely in disarray,” Liska said. “This type of disarray makes an organization more susceptible to cyber attacks, especially ransomware.”

Ransomware attacks have shot up over the past year, to the point that they have become a national security issue that the Biden administration has taken steps to confront. 

Russia has come under pressure to crack down on cybercriminal gangs within its borders, with various groups linked to ransomware attacks this year on Colonial Pipeline, meat producer JBS USA and the IT company Kaseya, among many others. The latter two attacks were both linked to the cybercriminal group REvil.

A coalition of federal agencies last week forced REvil offline.

