NRA confirms it was hit by ransomware attack

The National Rifle Association (NRA) has finally confirmed it suffered a ransomware attack last October.

The NRA’s political action committee (PAC) filed a report to the Federal Election Commission (FEC), earlier this month to confirm the attack, claiming it was the reason why the organization couldn’t report some of the donations it had received at the time.

The filing says the attack, which took place on October 20, 2021, took down its network for a fortnight. “During that time, we were not able to access email or network files. When our Information Security team brought our network back online, the process was undertaken slowly and carefully, with the end result that we did not have full access to our network and the internet until the second week of November,” the filing reads. 

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window

No word on ransom payment

“During the network restoration process, one batch of credit card receipts was not processed correctly into our donor database. This batch, which was discovered during our year-end close, totaled $2,485.66 and included 83 individual transactions. It is being disclosed on the November 2021 Monthly Report as an additional $1,609.66 on Line 11(a)(i) and an additional $876.00 on Line 11(a)(ii).”

The document doesn’t state how the network got compromised, and whether or not any viruses or malware had been used. It also doesn’t discuss if any ransomware was paid, or to whom. 

The Verge, on the other hand, reminds that a known Russia-based ransomware group, Grief, claimed responsibility for the attack, posting on the dark web data that it claims came from the breach.

Following the incident, the organization implemented “additional cybersecurity measures”, to make sure a similar attack doesn’t happen again, the report concludes. No elaboration on what that means, in practice.

Via: The Verge

Read the original article @ TechRadar – All the latest technology news