An Apparent Ransomware Hack Puts the NRA in a Bind

Gun News

On Wednesday, the Russian ransomware group Grief posted a sample of data that it claimed was stolen from the National Rifle Association. Dealing with ransomware is a pain under any circumstances. But Grief presents even more complications, because the group is connected to the notorious Evil Corp gang, which has been subject to US Treasury sanctions since December 2019. Even if you decide to pay Grief off, you could face serious penalties. 

The US government has been increasingly aggressive about imposing sanctions on cybercriminal groups, and in recent months the White House has hinted that other ransomware actors may soon be blacklisted. And as these efforts ramp up, they’re shaping the approaches of ransomware actors and victims alike.

The NRA has not confirmed the attack nor the validity of the purported stolen documents, which researcher say include materials related to grant applications, letters of political endorsement, and apparent minutes from a recent NRA meeting. It appears, they add, that the NRA was hit with ransomware late last week or over the weekend, which lines up with reports that the organization’s email systems were down.

On Friday, Grief removed the NRA posting from its dark web site. Brett Callow, a threat analyst at antivirus company Emsisoft, cautions against reading too much into that development. Delistings can indicate that a payment took place, but can also simply mean that the group has entered negotiations with the victims, who in turn may be buying time to investigate the situation and formulate a response plan. Attackers will also occasionally abandon an extortion attempt if the incident is drawing too much attention from law enforcement.

More interesting, perhaps, is Grief itself, which most researchers agree is just one of many fronts for Evil Corp. Given the murky web of ransomware actors and their malware, some researchers believe that Grief is a spinoff group rather than Evil Corp itself. Analysts look at attackers’ methods and infrastructure, including indicators like encryption file format and distribution mechanisms, to uncover links. In the case of Grief, the group has technical similarities to other Evil Corp–linked entities like DoppelPaymer, and uses the Dridex botnet—historically Evil Corp’s signature product.

“Grief has been operating slowly and steadily for some time,” Callow says. “What we’ve seen is Evil Corp cycling through various brands in order to either trick companies into paying, not realizing that they’re dealing with a sanctioned entity, or perhaps to provide them with plausible deniability.”

Ransomware experts note that sanctions have not stopped Evil Corp from attacking targets and getting paid. But they do seem to have impacted the group’s operations, forcing the hackers to factor sanctions into how they present themselves and what they communicate to victims. 

“It’s interesting. We don’t often see ransomware actors pretending to be other groups, because you want to make sure you get paid,” says Allan Liska, an analyst for the security firm Recorded Future. “If you’ve been hit by Conti or Lockbit, you know you’ve been hit by Conti or Lockbit. So I think that indicates a change in behavior because of the sanctions. DoppelPaymer, Grief, and several other ransomware strains and groups are tied to Evil Corp.”

Source link

Articles You May Like

Louisiana advances bill to carry concealed handguns with no permit
DeSantis turning Florida into Wild West with gun legislation
Five Republican candidates vying for two seats in District 24 primary
Connecticut Poised To Adopt One of Nation’s Most Restrictive Gun Laws
Comey’s Russia-hoax con, Fonda’s climate lunacy and more


  1. 303281 69316Following examine a couple of of the weblog posts on your web web site now, and I genuinely like your manner of blogging. I bookmarked it to my bookmark web site record and will probably be checking back soon. Pls take a look at my internet page as effectively and let me know what you believe. 136407

  2. 510328 921197Hello, Neat post. Theres an concern together with your internet site in internet explorer, may possibly check this? IE still may be the marketplace leader and a huge component to folks will omit your excellent writing because of this issue. 488366

  3. 534010 647751You produced some decent points there. I looked on the internet for that dilemma and discovered most people is going together with with the internet internet site. 52423

  4. 353133 161706My California Weight Loss diet invariably is an cost effective and versatile staying on your diet tv show created for folks who discover themselves planning to drop extra pounds and furthermore ultimately maintain a considerably healthier habits. la weight loss 749937

  5. 735576 383617Aw, i thought this was an incredibly great post. In thought I would like to invest writing in this way moreover – taking time and actual effort to manufacture a quite good article but exactly what do I say I procrastinate alot and no means apparently go completed. 108837

  6. 209327 440858Most heavy duty trailer hitches are created employing cutting edge computer aided models and fatigue stress testing to ensure optimal strength. Share new discoveries together with your child and keep your child safe by purchasing the correct design for your lifestyle by following the Perfect Stroller Buyers Guideline. 32065

  7. 320437 955464Trop excitant de mater des femmes lesbiennes en train de se doigter la chatte pour se faire jouir. En plus sur cette bonne petite vid o porno hard de lesb X les deux jeunes lesbienne sont trop excitantes et super sexy. Des pures beaut de la nature avec des courbes parfaites, les filles c est quand v 711620

  8. 268956 311542hi!,I like your writing so a lot! share we communicate much more about your article on AOL? I require an expert on this area to solve my difficulty. Possibly thats you! Seeking forward to see you. 186794

Leave a Reply

Your email address will not be published. Required fields are marked *