The problem that the United States has with gun control can be traced until the second amendment in its constitution that statesand we quote verbatim “A well-regulated Militia being necessary for the security of a free State, the right of the people to keep and bear arms must not be infringed.”. And nothing better to defend this constitutional right than the NRA, or the controversial North American National Rifle Association.
The NRA hacked by Russia
In a country where there are more and more shootings in schools, institutes, churches, synagogues, etc, the NRA is no stranger to cyber warfare. And in fact it was last October 2021 when he suffered a cyberattack on which he did not comment. It was at the end of the month that a notorious group of Russian cybercriminals called Grief published a data sample composed of 13 files that, according to them, they had been stolen from the National Rifle Association.
The group used Ransomware-type malware and ‘hijacked’ the NRA website, for which they blackmailed the association into paying money in exchange for releasing the system and not publishing any more content on the Internet – on the Dark Web.
Although paying any ransomware hacker is a risk, Grief is especially tricky. Cybersecurity experts believe that Grief is a rebranding effort by a group of Russian cybercriminals who previously used the nickname Evil Corp, which is currently under sanctions from the US Treasury Department. “It’s the same groupsays Allan Liska, a ransomware analyst at cybersecurity firm Recorded Future, so even if you decide to pay Grief, you could still face serious penalties.
“Yes, we have been hacked”
It is not known if the NRA ever paid. The organization never publicly confirmed the attack at the time, instead issuing a statement on Twitter, saying that “does not discuss matters related to your physical or electronic security“, and that “takes extraordinary measures to protect information”. But a couple of days ago, on Saturday March 19, after 5 months, the Rifle Association decided to talk about it.
In a filing before the Federal Election Commission (FEC)the political action committee (PAC) of the organization, made public by el site Gizmodoexplain what the NRA suffered a ransomware attack on October 20, 2021 that left their “network out of service for two weeks“. As the NRA was not “able to access email or network files until the second week of November“, the NRA failed to report donations worth nearly $2,500, prompting the filing.
Did you pay Grief’s group then? Didn’t he pay you? What about those $2,500 in donations? Without commenting further on the matter, the NRA notes in the filing that “has implemented additional cybersecurity measures to reduce the likelihood of a recurrence.”