The group has threatened to release more documents if it does not receive payment, although it has not specified the amount. Cybersecurity experts believe that the group is a reformation of the hacking group “Evil Corp” and consists of Russian cybercriminals. Evil Corp currently faces sanctions from the U.S. Department of Treasury. The NRA is yet to comment on the reported hack. However, experts say that both Grief and Evil Corp are not known to make fake claims about victims, or take credit for the operations of others.
Expert Says Attack Probably Not Politically Motivated
The NRA has strong ties with senior Republican lawmakers and has consistently been a major supporter of Republican candidates. The organization committed a large amount of money to Donald Trump’s last two presidential elections. It also has over five million members. Ransomware attacks have witnessed a massive spike and have targeted a wide variety of organizations. However, it is not common for a politically sensitive organization like the NRA to be a target. Allan Liska, an intelligence analyst at Recorded Future, says that there is no evidence that the attack was politically motivated. He noted that ransomware gangs usually target vulnerable systems or technologies, instead of specific organizations. “It’s not likely that this was specifically targeted at the NRA — the NRA just happened to get hit,” Liska said. “You never know, though.”
Recent Government Response to Ransomware Attacks
Governments around the world have taken serious note of the rising ransomware threats. Senior officials have often repeated that organizations should avoid paying ransoms, as there is no guarantee that a criminal will abandon their position. Lindy Cameron, the chief executive officer of the United Kingdom’s National Cyber Security Centre (NCSC), stated that ransomware continues to be a popular avenue for criminals because organizations are vulnerable and agree to pay up. On a positive note, nation-states have also taken offensive measures to address cybercrime. Recently, several U.S. federal agencies worked to take down the notorious REvil ransomware gang. The U.S. has also previously placed sanctions on Russia for its role in the SolarWinds hack. The Cybersecurity and Infrastructure Agency (CISA) regularly puts out advisories on growing cyberthreats, such as the recent BlackMatter Ransomware and advises organizations to take precautionary measures.