On the dark web, a well-known Russian cybercriminal gang has posted files that it claims are from the National Rifle Association. Grief, a hacking group, posted 13 files to its website on Wednesday, claiming to have hacked the NRA. It has threatened to release more files if it is not paid, though it has not stated how much it is demanding.
News of the incident circulated swiftly online, with dozens of Twitter accounts with no followers attempting to amplify coverage of the attack by retweeting it. The accounts were created in the previous six months and followed no one, but they shared content about the cyberattack, including posts from The Washington Times that linked to a news report and a screenshot of Grief's website from Brett Callow, an Emsisoft threat analyst.
When asked about the new accounts' activity, Twitter stated it reviewed "many accounts violating our platform manipulation and spam policies" and then took action. Twitter could not say who was behind the manipulative activity, or whether the accounts were linked to the group that claimed responsibility for the attack on the NRA.
Grief, according to most cybersecurity experts, is a rebranding of a group of Russian cybercriminals known as Evil Corp, which is currently under sanctions by the US Treasury Department. "It's the same group," said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future.
When contacted for comment, the NRA did not respond. It did, however, issue a tweet in which it stated that it "does not share anything relevant to its physical or electronic security," and that it "takes extreme efforts to secure information regarding its members, donors, and operations." Although Grief is a criminal organization, it is not known for bluffing when it says an organization has been hacked, according to Brett Callow. "I’m not aware of any incidents in which Grief/Evil Corp has attempted to take credit for other operations’ attacks," Callow said.
After Grief temporarily removed the NRA from its website, some experts speculated that the NRA had paid a ransom to its attackers. The removal could be evidence that the NRA paid up, according to Jon DiMaggio, chief security strategist at cyber threat analysis firm Analyst1.
According to a screenshot uploaded by Mr. Callow, the NRA entry on Grief's leak website was available Monday, along with a file titled "corporate insurance" and other data. “Insurance docs are useful to ransomware operators as they effectively specify how much orgs can afford to pay — no matter what their balance sheets look like,” Mr. Callow tweeted.