Russian ransomware hackers have released what they allege are hundreds more sensitive NRA documents.
Internal financial reports and the personal information of NRA staff were among the documents posted on Wednesday. The release is the fourth batch of records published in an apparent attempt to extort the NRA into paying a ransom. The personal information of dozens of current and former staff, including bank account and social security numbers, was exposed in the latest release.
Those affected by the leaks include top leadership and low-level seasonal employees. The documents appear to cover many of the staff the NRA has hired or rehired over the past year. That’s all in addition to the personal information of dozens of staffers, which was released by the hackers earlier this month.
The Reload spoke with several of those whose personal information was released in the hack. They all confirmed the authenticity of their exposed data and said the NRA had not made them aware that it had been leaked.
“They are 100 percent authentic,” one source said of the personal details contained in one of the documents. The source confirmed the NRA had not contacted them about the situation.
“Not a peep,” the source said. “It’s ridiculous that they haven’t [informed me]. But not surprising.”
The NRA did not respond to requests for comment on the latest document dump or the authenticity of the documents. It did not answer whether it considered the hack contained or if it had reached out to current and former staff affected by it.
The Reload reviewed the documents in question but is not republishing them or linking to where they are currently published in an effort to limit the spread of personal information. The files have already been viewed by many people, though. A counter on the NRA section of the hacker syndicate’s site on the dark web indicates the document dump has been viewed more than 12,000 times. Collections of the leaked files have also been bundled on traditional filesharing services and spread online.
The leaks are part of an ongoing attack by the Russian-based ransomware group “Grief.” The group, operating under a different name, was sanctioned by the U.S. Treasury Department in 2019 as “one of the world’s most prolific cybercriminal organizations.” The department also claimed Grief’s leader has worked for Russian intelligence in the past.
The Reload further confirmed the authenticity of multiple internal documents included in the hack by speaking with eight current and former NRA officials. It was also able to verify the pay schedule and salaries shown in some of the records match the real ones. The non-public phone numbers and email addresses found on several documents also check out.
Former board member Rocky Marshall, who is currently attempting to intervene against NRA leadership in the group’s New York dissolution case, said he had seen a number of the private documents included in the leak. He said they appeared to be genuine.
“I have reviewed a few of the files and can validate the files are authentic,” Marshall told The Reload. “For example, a spreadsheet contains all of the emails of all NRA employees, and the few I checked are correct. Also, there is a finance presentation that was presented at the last BOD meeting, and this presentation is exactly correct and matches the handout from the meeting.”
The Reload was unable to review or verify all of the hundreds of documents included in the various releases. It was also unable to find any information contained in the leaks that indicates any of the documents are fake. The NRA has not disputed the authenticity of the documents in question and has not spoken about the leaks since they were first made public on October 27th.
“NRA does not discuss matters relating to its physical or electronic security,” Andrew Arulanandam, managing director of NRA Public Affairs, said at the time. “However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.”
The latest round of leaks comes after the hackers had previously indicated their attack on the NRA was over by moving the group’s section on their website to an area for completed hacks. The hackers have not publicly posted their demands for the NRA, though their website does include a generic claim that paying ransomware hackers is less expensive than trying to fight them.
Marshall said the voluminous budget and insurance records included in the leak are more extensive than what was made available to him as a board member.
“I have learned more about the NRA from the Russian hack than I have from the NRA officers, staff, and other board members,” he said. “That’s the sad reality.”