A Russian-speaking ransomware gang says it hacked the National Rifle Association

An NRA spokesperson declined to comment when reached by phone.
NATIONAL HARBOR, MARYLAND - FEBRUARY 26: The booth of the National Rifle Association of America is seen at the annual Conservative Political Action Conference. (Photo by Alex Wong/Getty Images)

A ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if the NRA doesn’t pay an extortion fee of an undisclosed sum.

The documents previewed on Grief’s leak site include grant applications and minutes from a meeting. The group claims to possess more documents. However, ransomware actors have been known to exaggerate the amount of data obtained in a hack.

CyberScoop has not independently verified the documents. An NRA spokesperson declined to comment when reached by phone. On its Twitter account, the NRA appeared to allude to the news.


“NRA does not discuss matters relating to its physical or electronic security,” reads a tweeted quote attributed to Andrew Arulanandam, managing director of NRA public affairs. “However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”

Multiple researchers have said that Grief is affiliated with the Russian ransomware group Evil Corp.

Evil Corp.’s involvement could potentially put the NRA at risk of violating U.S. sanctions if it pays the attackers after the Treasury Department sanctioned that gang in 2019. The Justice Department also charged two Evil Corp. members with criminal violations, accusing the group’s leader, Maksim Yakubets, of providing direct assistance to Russian intelligence agencies.

Evil Corp. seems to have recently resurfaced in an effort to evade those sanctions with new strains of malware. The group last week reportedly hit the right-leaning U.S. broadcaster Sinclair.

Despite ongoing diplomatic efforts by the United States to pressure Russia into cracking down on ransomware gangs, ransomware from Russia-based groups continues to pose a major security threat to U.S. critical infrastructure.


Of particular concern are U.S. food and agricultural businesses. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency recently published a warning that another ransomware group, BlackMatter, was demanding high ransoms from victims in the industries.

Updated, 10/27/21: to include NRA tweet.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts