The National Rifle Association (NRA) has finally confirmed it suffered a ransomware attack last October.
The NRA’s political action committee (PAC) filed a report to the Federal Election Commission (FEC), earlier this month to confirm the attack, claiming it was the reason why the organization couldn’t report some of the donations it had received at the time.
The filing says the attack, which took place on October 20, 2021, took down its network for a fortnight. “During that time, we were not able to access email or network files. When our Information Security team brought our network back online, the process was undertaken slowly and carefully, with the end result that we did not have full access to our network and the internet until the second week of November,” the filing reads.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
No word on ransom payment
“During the network restoration process, one batch of credit card receipts was not processed correctly into our donor database. This batch, which was discovered during our year-end close, totaled $2,485.66 and included 83 individual transactions. It is being disclosed on the November 2021 Monthly Report as an additional $1,609.66 on Line 11(a)(i) and an additional $876.00 on Line 11(a)(ii).”
The document doesn’t state how the network got compromised, and whether or not any viruses or malware (opens in new tab) had been used. It also doesn’t discuss if any ransomware (opens in new tab) was paid, or to whom.
> NRA refuses to confirm reports of ransomware hack (opens in new tab)
> Ransomware attacks saw a huge rise in 2021 (opens in new tab)
> It’s time to attack your ransomware recovery strategy (opens in new tab)
The Verge, on the other hand, reminds that a known Russia-based ransomware group, Grief, claimed responsibility for the attack, posting on the dark web data that it claims came from the breach.
Following the incident, the organization implemented “additional cybersecurity measures”, to make sure a similar attack doesn’t happen again, the report concludes. No elaboration on what that means, in practice.
- Secure your endpoints today with the best endpoint protection software (opens in new tab) right now
Via: The Verge (opens in new tab)