Data breach at the National Rifle Association; hackers threaten to expose more sensitive information

In a post on a dark web portal, an operator of the Grief ransomware claimed to have accessed data belonging to the National Rifle Association (NRA), the controversial advocacy group for the right to own and use weapons in the United States. The organization refused to confirm or deny the incident, saying only that it takes extraordinary measures to protect its members, benefactors and staff.

In the post, the attacker claims that, in addition to encrypting some of the organization’s systems, he managed to extract thousands of confidential records that will soon be published on a website hosted on the Tor network unless the NRA shows willingness to negotiate a ransom.

Members of the cybersecurity community believe the organization ignored the attackers’ threats, as dozens of files allegedly held by the NRA have been exposed, including financial details, letters sent to representatives and senators, and other sensitive details. The amount of the ransom demanded is still unknown.

Cybersecurity specialists note that this tactic, known as “double extortion”, has become very common in recent times. Threat actors know that ransomware victims can recover compromised files from their own backup systems or ask outside advisors for help; with double extortion, victims must worry not only about encrypted files but also about preventing a massive data leak.

As for the ransomware variant used in this attack, experts point out that Grief was first detected in mid-2021 and is apparently a rebranding of the dangerous DoppelPaymer ransomware variant, developed and operated from Russia.
