Ransomware gang claims attack on NRA

The operators of the Grief ransomware have listed today the US National Rifle Association (NRA) as a victim of one of their attacks.

The organization's name was listed on a dark web portal, often called a "leak site," where the Grief gang typically lists companies they infected and which haven't paid their ransom demands.

Several NRA representatives were not immediately available for comment via the phone. An email request for comment was also not returned prior to this article's publication.

It remains unclear if the Grief gang hit one of the NRA's smaller branches or if the attack hit the organization's central network. Ransomware gangs often like to exaggerate their attacks.

Group behind the attack is sanctioned in the US

The incident is bound to be controversial as the operators of the Grief gang were sanctioned by the US Treasury in December 2019.

Known as the Evil Corp, this cybercrime cartel was sanctioned for operating the Dridex malware botnet, but subsequent research later linked the group to the BitPaymer and DoppelPaymer ransomware operations.

A July 2021 report authored by cyber-security firm Zscaler also described the Grief ransomware as a rebrand of the older DeppelPaymer ransomware, effectively linking it to EvilCorp, an opinion shared and confirmed by multiple security researchers.

The same EvilCorp is also linked to the Phoenix and Macaw ransomware strains, with the latter being used in the attack against the Sinclair Broadcast Group earlier this month.

According to the Treasury sanctions, any US entities are required to obtain permission from Treasury officials before making any money transfer to an entity linked to EvilCorp.