Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NRA: No Comment on Russian Ransomware Gang Attack Claims

NRA: No Comment on Russian Ransomware Gang Attack Claims

The Grief ransomware gang claims to have attacked the National Rifle Association (NRA) and released stolen data as proof of the attack.

Today, the ransomware gang added the NRA as a new victim on their data leak site while displaying screenshots of Excel spreadsheets containing US tax information and investments amounts. 

The threat actors also leaked a 2.7 MB archive titled ‘National,’ that we have been told contains alleged NRA grant applications

Also Read: The 5 Important Things To Know In Security Pen Testing

NRA entry on the Grief ransomware data leak site
NRA entry on the Grief ransomware data leak site

Earlier this morning, BleepingComputer contacted the NRA multiple times, including speaking to the NRA’s Director of Communications Amy Hunter but did not receive any answers regarding the alleged attack.

The NRA later published a statement saying they do not comment on physical or electronic security of their organization.

“NRA does not discuss matters relating to its physical or electronic security. However, the NRA takes extraordinary measures to protect information regarding its members, donors, and operations – and is vigilant in doing so.” – Andrew Arulanandam, managing dir., NRA Public Affairs.

Grief tied to Russian hacking group

The Grief ransomware gang is believed to be tied to a Russian hacking group known as Evil Corp.

Also Read: New Licensing Requirements For Cyber-Security Service Providers in 2022

Evil Corp has been active since 2009 and has been involved in numerous malicious cyber activities, including the distribution of the Dridex trojan to steal online banking credentials and steal money.

The hacking group turned to ransomware in 2017, when they released ransomware known as BitPaymer. BitPaymer later morphed into the DoppelPaymer ransomware operation in 2019.

After years of attacking US interests, the US Department of Justice charged members of the Evil Corp for stealing over $100 million and added the hacking group to the Office of Foreign Assets Control (OFAC) sanction list.

Soon after, the US Treasury later warned that ransomware negotiators might face civil penalties for facilitating ransom payments to gangs on the sanction list.

Since then, Evil Corp has been routinely releasing new ransomware strains under different names to evade US sanctions. These ransomware families include WastedLockerHadesPhoenix CryptoLockerPayLoadBin, and, more recently, the Macaw Locker.

However, their original ransomware, DoppelPaymer, ran for years under the same name until May 2021, when they stopped listing new victims on their data leak site.

One month later, the Grief ransomware gang emerged, with security researchers believing to be a rebrand of DoppelPaymer based on code similarities.

As Grief is linked to Evil Corp, it is likely that ransomware negotiators will not facilitate ransom payments without the victim first getting approval from the OFAC.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us