The National Rifle Association (NRA) has confirmed it was the subject of a ransomware attack that took place last October, according to a report from Gizmodo.
The attack brought the NRA’s network down for two weeks
In a filing to the Federal Election Commission (FEC), the organization’s political action committee (PAC), explains the NRA experienced a ransomware attack on October 20th, 2021 that brought its “network offline for two weeks.” Since the NRA wasn’t “able to access email or network files until the second week of November,” the NRA failed to report nearly $2,500 worth of donations, which was the reason for the filing.
Last year, a Russian cybercriminals group that goes by the name of Grief took credit for allegedly hacking the NRA and posting what appeared to be stolen documents on the dark web. Grief, which is said to be associated with well-known Russia-based hacking group Evil Corp, threatened to release more documents if its payment threshold wasn’t met.
There’s no word on whether the NRA ever paid up. The organization never publicly confirmed the attack at the time, and instead issued a statement on Twitter, saying it “does not discuss matters relating to its physical or electronic security,” and that it “takes extraordinary measures to protect information.”
The NRA didn’t immediately respond to The Verge’s request for comment. It notes in the filing that it “has implemented additional cybersecurity measures to reduce the likelihood of a recurrence.”