National Rifle Association (NRA) has said for the first time that, yes, the organization was indeed hacked last year.
The right wing organization best known for fighting common sense gun control measures after school shootings like the ones at Sandy Hook and Stoneman Douglas — and also acting as a “foreign asset” to Russia –– confirmed the ransomware attack in a Federal Election Commission filing made by the NRA’s political action committee (PAC).
NRA admitted it suffered an attack in the filing because it had to explain discrepancies in its financial reports previously submitted to the government. According to the filing, around $2,485 of contributions had not been “processed correctly.” The NRA blamed the hack for the disparity.
In October 2021, a ransomware group known as Grief targeted the NRA and boasted about its stolen data from the gun organization. The group Grief, which has ties to the Russian cybercriminal ring Evil Corp., allegedly stole tax, grant, and investor information from the NRA and posted it to its website. Grief later released more sensitive personal and financial data, including bank account numbers.
At the time, the NRA would not confirm or deny the hack, releasing a statement that claimed that the “NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”
Now we know they weren’t vigilant enough. Grief’s ransomware campaign struck the NRA on Oct.20, and the gun group felt the effects until November. Various levels of downtime plagued NRA’s internet access, emails, and online networks for weeks.
Whether the NRA ever paid a ransom to Grief in order to prevent further data theft is unknown.
Ransomware hacks can be detrimental to an organization. Businesses have shut down after suffering losses from such attacks. It’s too bad this wasn’t one of those cases.