NRA Hacked by Russian Ransomware Gang, Likely Not Politically Motivated, Expert Says

A ransomware gang believed to work out of Russia claimed that it hacked the National Rifle Association and published the group's files on a dark web site, the Associated Press reported. Though the gun-rights group is often included in the political debate over guns in the U.S., one expert said that targeting the NRA in the attack was likely not politically motivated.

Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said that it's very unusual for a politically-active group like the NRA to be singled out by ransomware gangs. Those groups usually also opt to target vulnerable technologies rather than organizations, he said.

"It's not likely that this was specifically targeted at the NRA, the NRA just happened to get hit," Liska said. "You never know, though."

The files posted by the group, which calls itself Grief, relate to grants that the NRA has given out, the AP reported. NRA spokesman Andrew Arulanandam declined to confirm whether Grief's claims were true, tweeting that the NRA "does not discuss matters relating to its physical or electronic security."

A person with knowledge on the issue who spoke on condition anonymity said that problems arose with the NRA's email system this week, pointing to a possible ransomware attack.

For more reporting from the Associated Press, see below:

NRA Ransomware Attack
A ransomware gang believed to operate out of Russia said it hacked the National Rifle Association, a politically powerful gun-rights group. A protester holds a sign outside the National Rifle Association's headquarters building during a vigil for recent victims of gun violence on August 5, 2019, in Fairfax, Virginia. Patrick Semansky/AP Photo

Ransomware attacks have spiked in recent years against all manner of companies and organizations, but rarely are the targets as politically sensitive as the NRA. The group has long enjoyed close ties to top Republican lawmakers and been a been a major supporter of Republican candidates. The NRA spent tens of millions of dollar in the past two presidential elections trying to help Donald Trump.

The group has been beset by legal and financial troubles in recent years but remains a potent force politically and has more than 5 million members.

Liska said the email problems could be related to the ransomware attack. He said email systems are top targets of ransomware gangs because they often contain sensitive information and hamper an organization's response to an attack, further incentivizing them to pay a ransom.

Spokespeople for the FBI did not immediately return a message seeking comment.

Greif is believed by many cybersecurity experts to be linked to Evil Corp, a ransomware gang that was previously active. The U.S. Treasury Department imposed sanctions on the group in 2019, saying it had stolen more than $100 million from banks and financial institutions in 40 countries.

U.S. and Russian ties have already been strained this year over a string of high-profile ransomware attacks against American targets launched by Russia-based cyber gangs. President Joe Biden has warned Russian President Vladimir Putin in an effort to get him to crack down on ransomware criminals, but several top Biden administration cybersecurity officials have said recently that they have seen no evidence of that.

NRA Headquarters
NRA spokesman Andrew Arulanandam would not confirm whether a ransomware gang's claims of a hack were true, saying on Twitter that the NRA “does not discuss matters relating to its physical or electronic security.” The National Riffle Association headquarters are seen on August 6, 2020 in Fairfax, Virginia. Olivier Douliery/AFP via Getty Images