The Medusa ransomware-as-a-service (RaaS) claims to have compromised the pc techniques of NASCAR, america’ Nationwide Affiliation for Inventory Automobile Auto Racing, and made off with greater than 1TB of information.
In a posting on its darkish internet leak web site, Medusa has demanded a US $4 million ransom be paid for the deletion of NASCAR’s knowledge.
On the high of the web page, Medusa has positioned a countdown timer – whereafter it threatens to make the info stolen from NASCAR accessible to anyone on the web. The countdown deadline could be prolonged at a price of US $100,000 per day.
In an try and confirm its declare of getting hacked NASCAR, Medusa has revealed screenshots of what it claims are inside paperwork – together with some purporting to indicate the names, e mail addresses, and telephone numbers of NASCAR workers and sponsors, in addition to invoices, monetary stories, and extra.
Moreover, the ransomware gang has revealed a considerable listing illustrating NASCAR’s inside file construction and the names of paperwork which were exfiltrated.
Though NASCAR has not but confirmed or denied stories that it has been hit by a ransomware assault, the small print revealed by Medusa on its leak web site seem like credible.
Final month, the FBI and CISA revealed a joint cybersecurity advisory warning that the Medusa ransomware had impacted over 300 organisations, together with these in important infrastructure sectors comparable to medical, training, authorized, insurance coverage, know-how and manufacturing.
Previous victims of the Medusa ransomware have included Minneapolis Public Colleges (MPS) district, which refused to pay a million-dollar ransom and noticed roughly 92 GB of its stolen knowledge launched to the general public. The group has additionally boasted about stealing Microsoft supply code prior to now. Different Medusa ransomware victims have included most cancers centres, and British excessive colleges.
If the claims that NASCAR is the most recent sufferer of Medusa are correct, it will not be the primary time that the world of one of many USA’s hottest sports activities has been impacted by cybercrime.
As an illustration, in 2016 the Circle Sport-Leavine Household Racing (CSLFR) discovered its pc techniques unusable after they have been hit by a variant of the TeslaCrypt ransomware.
The CSLFR staff in the end determined to pay the ransom, and obtained a decryption key that enabled them to unlock their impacted computer systems.
Extra lately, in March 2025, the official Twitter account of NASCAR itself was hacked so as to publish a message selling a NASCAR-themed cryptocurrency token.
