According to multiple media outlets, NASCAR allegedly fell victim to the notorious ransomware gang “Medusa.” The group is believed to have threatened to leak the franchise’s internal data on the dark web, namely confidential and personal identification information. Such data includes but is not limited to email addresses, names, job titles, credential-related information, and venue maps. Medusa contended that NASCAR officials must pay a hefty ransom in exchange for not leaking critical data.
In a report released by the cybersecurity news platform Hackread, NASCAR was warned as early as March that the likelihood of a cyber event was elevated. The report also stated that the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) suggested that the organization use a two-factor authentication system to beef up web security. Rumors have been swirling that this was just an idle threat, but was it?
The franchise grappled with a similar incident at Atlanta Motor Speedway in February, where radio communication systems were manipulated. However, the incident was quickly contained before it emitted further damage. The current breach is thought to have occurred on April 8. The threat actor Medusa is responsible for stealing 1 trillion bytes (1 terabyte) of data.
How Medusa Leaked NASCAR’s Sensitive Data
As a result of the recent data leak by the threat actor Medusa, NASCAR has allegedly lost some of its sensitive data. According to a statement released by the threat actors, over 1,000 gigabytes of NASCAR’s sensitive data was leaked on the dark web. “The total amount of data leakage is 1038.70 GB,” Medusa said. The actor also claims responsibility for a breach that leaked the franchise’s internal file structure, including personal identification information and sensitive documents.
Many thought the threats were idle until Medusa released 33 screenshots of vast datasets and track-related documents proving otherwise. The franchise was also given an ultimatum of 10 days to pay $4 million or 1 day to pay $100,000 to buy back their data. Medusa also claimed responsibility for leaking sponsorship data, incident report designs, financial reports, invoices, and credential information.
About the Alleged Attack
The leak of sensitive data from a multi-million dollar organization like NASCAR could gravely hinder its critical infrastructure. Especially since the threat actor in question, “Medusa,” uses the cybercrime business model Ransomware-as-a-Service (RaaS). Ransomware-as-a-Service is dangerous because threat actors sell ransomware or malware code to other cybercriminals for malicious intent. The threats against NASCAR were clearly geared toward extorting money and halting business operations.
The organization rakes in roughly over $3 million annually, and it’s apparent threat actors were aware of this before initiating an attack. That’s about as close as it gets to their initial ransom request of $4 million. It’s unlikely that this is a coincidence. Additionally, it’s scary to think that the United States’ largest racing governing body, which contributes millions to state and city economies, has been targeted.
It’s a known fact that cities hosting NASCAR events see a spike in annual revenue due to an influx of visitors worldwide. Chicago, Illinois, has greatly benefited from the Street Race until its final year in 2023. The annual event added an additional $109 million to Chicago’s existing economic output of $571 billion. Therefore, the implications of an attack of this magnitude will affect NASCAR and the cities that depend on these events to thrive economically.
Final Thoughts
rumors have been swirling that NASCAR was hit with a Ransomware-as-a-Service attack demanding a $4 million ransom in exchange for not leaking critical data. The notorious ransomware gang Medusa is thought to be responsible for the apparent attack. NASCAR has yet to release information confirming or denying the legitimacy of the alleged threat. More information will be released as it’s made available.
