The National Rifle Association of America (NRA), a controversial US-based gun lobby group, has declined to confirm whether the breach actually happened.
Security researchers noticed that ransomware gang Grief posted they have hacked the NRA on their leak site. So far, the group has made several NRA files available, including grant documents, fund recipients, and tax forms.
The NRA is a nonprofit organization that advocates for gun rights and is actively involved in US politics, providing financial contributions to American political parties and candidates.
According to Brett Callow, a threat analyst at a cybersecurity company Emisoft, the gang behind the alleged hack, Grief, is a subsidiary of Evil Corp. The latter is deemed to be a Russia-based cybercrime cartel.
Evil Corp. has been on the US Department of Treasury’s sanction list since 2019 for using Dridex malware to steal $100 million in 40 countries worldwide.
The NRA did not acknowledge whether it was breached by any ransomware group, claiming the organization does not discuss electronic security.
“NRA does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so,” Andrew Arulanandam, managing director of NRA’s public affairs, was quoted on Twitter.
Ransomware gold rush
Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
The prevalence of ransomware has forced governments to take multilateral action against the threat. It’s likely a combined effort allowed to push the infamous REvil cartel offline. Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.
An average data breach costs victims $4.24 million per incident, the highest in the 17 years. For example, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.
Reports show that people most vulnerable to cybercrime tend to be adults over 75 and younger adults. Criminals were taking advantage of the uncertainty caused by the pandemic and the flood of new users to digital channels, who were especially susceptible to attack.
More from CyberNews
Subscribe to our newsletter