The gang, which calls itself Grief, published a handful of what appear to be the NRA files on a dark web site. The files, reviewed by The Associated Press, relate to grants the NRA has awarded. Ransomware gangs often post a victim’s files publicly in hopes of spurring them to pay out a ransom.
NRA spokesman Andrew Arulanandam said on Twitter that the NRA "does not discuss matters relating to its physical or electronic security" and takes "extraordinary measures" to protect its information. A person with direct knowledge of the situation who was not authorized to discuss the matter publicly and spoke on condition of anonymity, said the NRA has had problems with its email system this week — a potential sign of a ransomware attack.
Ransomware attacks have spiked in recent years against all manner of companies and organizations, but rarely are the targets as politically sensitive as the NRA. The group has long enjoyed close ties to top Republican lawmakers and been a been a major supporter of Republican candidates. The NRA spent tens of millions of dollar in the past two presidential elections trying to help Donald Trump.
The group has been beset by legal and financial troubles in recent years but remains a potent force politically and has more than 5 million members.
Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said it's highly unusual for a politically active group such as the NRA to be targeted by ransomware gangs, but he said there is no evidence the attack was politically motivated. He said ransomware gangs usually do not target organizations, but vulnerable technologies.
"It's not likely that this was specifically targeted at the NRA, the NRA just happened to get hit," he said. "You never know, though."
Liska said the email problems could be related to the ransomware attack. He said email systems are top targets of ransomware gangs because they often contain sensitive information and hamper an organization's response to an attack, further incentivizing them to pay a ransom.
Spokespeople for the FBI did not immediately return a message seeking comment.
Greif is believed by many cybersecurity experts to be linked to Evil Corp, a ransomware gang that was previously active. The U.S. Treasury Department imposed sanctions on the group in 2019, saying it had stolen more than $100 million from banks and financial institutions in 40 countries.
U.S. and Russian ties have already been strained this year over a string of high-profile ransomware attacks against American targets launched by Russia-based cyber gangs. President Joe Biden has warned Russian President Vladimir Putin in an effort to get him to crack down on ransomware criminals, but several top Biden administration cybersecurity officials have said recently that they have seen no evidence of that.
This article first appeared in The Associated Press