After the notorious Grief ransomware group added the National Rifle Association to its public list of victims, messages of the breach was reportedly amplified by a network of fake Twitter accounts.
Grief
Grief is a ransomware operation described in the provided content as having ties to the Russian cybercrime group Evil Corp and as an offshoot of DoppelPaymer, which itself evolved from Evil Corp.
Profile source: Mallory opens in a new tabGrief
Family profile
Grief is a ransomware operation described in the provided content as having ties to the Russian cybercrime group Evil Corp and as an offshoot of DoppelPaymer, which itself evolved from Evil Corp. The group conducts double-extortion activity by stealing data and threatening to leak additional files unless an undisclosed ransom is paid. In the cited NRA incident, Grief posted the victim on its leak site, claimed to possess 13 files allegedly taken from NRA databases, and exposed material that reportedly included recent board meeting minutes, grant-related documents, and tax forms. The content also notes reporting that messaging around the NRA breach was amplified by a network of fake Twitter accounts, although public attribution did not establish that the network belonged to Grief. The group is reported to have spent much of 2021 targeting U.S. school districts and local governments, with additional attacks against government, healthcare, and education entities in states including New York, Alabama, Mississippi, Indiana, Washington, and Texas. Because of its reported Evil Corp lineage, ransom payments associated with Grief may carry U.S. sanctions risk. High-confidence behaviors directly mentioned in the content include operation of a public leak site, extortion through threatened publication of stolen data, and targeting of U.S. organizations including the National Rifle Association.
Ransomware.live
Operational record
Reported operators
Threat actors
1 named in public reportingMITRE ATT&CK
Grief in ATT&CK
2 distinct techniquesTechniques
2 techniquesReporting
Research mentioning Grief
As demo’d with NRA, ‘information operations’ may be new way to give ransomware victims Grief | analysis | SC Media
After the notorious Grief ransomware group added the National Rifle Association to its public list of victims, messages of the breach was reportedly amplified by a network of fake Twitter accounts.
NRA responds to reports of Grief ransomware attack | ZDNet
The Grief ransomware gang -- which has ties to the prolific Russian cybercrime group Evil Corp -- posted about the NRA on its leak site... It threatened to leak more files if the NRA did not pay an undisclosed ransom.
NRA responds to reports of Grief ransomware attack | ZDNET
The Grief ransomware gang -- which has ties to the prolific Russian cybercrime group Evil Corp -- posted about the NRA on its leak site... It threatened to leak more files if the NRA did not pay an undisclosed ransom.