Visible Redemption Breach Pays NRA Agreement


On Wednesday, the Russian ransomware group Grief published samples of data allegedly stolen from the National Rifle Association. Dealing with ransomware is painful in any case. But Grief brings added problems, because the group is connected to the well-known Evil Corp, which has been under US Treasury sanctions since December 2019. Even if paying is an option, doing so may bring severe penalties.

The U.S. government has been very aggressive in imposing sanctions on cybercriminals, and in recent months the White House has also said that some ransomware actors could be targeted soon. As these efforts intensify, they are shaping the methods of ransomware groups and victims alike.

The NRA has not confirmed the attack or the validity of the allegedly stolen documents, which investigators say include applications, political affidavit letters, and apparent minutes of a recent NRA meeting. It appears, they add, that the NRA was hit by ransomware last weekend or weekend, which corresponds to reports that the organization's email was down.

On Friday, Grief removed the NRA listing from its dark web site. Brett Callow, a risk analyst at the antivirus company Emsisoft, cautions against reading too much into the development. The removal may indicate that a payment was made, but it could also mean that the group has entered discussions with the victim, who may be buying time to investigate the situation and make a response plan. Attackers also occasionally abandon extortion attempts if the incident attracts law enforcement attention.

Most interesting, perhaps, is Grief itself, which many analysts agree is one of the many offshoots of Evil Corp. Given the tangled web of ransomware actors and malware, some researchers believe that Grief is a spinoff group rather than Evil Corp itself. Researchers look at encryption and architecture, including indicators such as the encrypted file format and distribution methods, in order to reveal the links. In the case of Grief, the group shares technical similarities with other Evil Corp affiliated operations such as DoppelPaymer, and uses the Dridex botnet, which is an Evil Corp signature.

“Grief has been working slowly for a long time,” says Callow. “What we’ve seen is driving Evil Corp bikes in various forms to trick companies into paying, not knowing that they’re dealing with a legitimate agency, or giving them a chance to be rejected.”

Ransomware experts say that the sanctions did not stop Evil Corp from attacking and demanding ransoms. But they seem to have affected the group's operations, forcing the attackers to change how they present themselves and what they say to victims.

“It’s fun. We often do not see ransomware players pretending to be other groups, because you want to make sure you get paid,” said Allan Liska, a security researcher for the security company Recorded Future. “DoppelPaymer, Grief, and several other ransomware groups have been linked to Evil Corp.”


