A ransomware group that experts say is based in Russia has posted what it claims are 13 National Rifle Association files to the dark web.
A notorious Russian cybercriminal group has posted what appear to be National Rifle Association files to the dark web.
The group, known as Grief, posted 13 files to its website Wednesday and claimed to have hacked the NRA. It is threatening to release more of the files if not paid, though it did not publicly state how much.
Like many ransomware gangs, Grief often posts a handful files stolen from a victim in an efforts to spur a ransom payment.
While paying any ransomware hacker is a risk, Grief is particularly tricky. Cybersecurity experts widely believe Grief is a rebranded effort by a group of Russian cybercriminals who previously used the nickname Evil Corp, which is currently under sanctions by the U.S. Treasury Department.
“It’s the same group,” said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
The NRA didn’t immediately respond when reached for comment. Grief, though a criminal group, isn’t known for bluffing when it claims an organization was a victim, said Brett Callow, who tracks ransomware groups at the cybersecurity company Emsisoft.
“I’m not aware of any incidents in which Grief/Evil Corp has attempted to take credit for other operations’ attacks,” Callow said.
Most of the files viewed by NBC News relate to NRA grants. They include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, as well as a W-9 form. The leak also includes the minutes from a Sept. 24 NRA teleconference meeting.Internet Explorer Channel Network