Powered by MOMENTUM MEDIA
NASCAR suffers alleged cyber crash as hackers take the wheel

Threat actors have claimed an attack on major US racing institution NASCAR (the National Association for Stock Car Auto Racing), the number one form of motorsport in the US.

In a post to its dark web leak site, the Medusa ransomware gang listed NASCAR, claiming to have stolen over a terabyte of data.

Within the claimed 1038.70 gigabytes of data are contact details of third-party services, including names and emails; names and email addresses for executives and staff of various racetracks; phone numbers; internal contact information; business documents; workers comp invoices; logo details, maps of racetracks, and photos of racetracks; handwritten accounts of accidents; partner details; confidential legal document; and more, according to the sample provided by Medusa.

Medusa has requested NASCAR pay a US$4,000,000 ransom to prevent the data from being posted in just over 10 days at the time of writing. The group has also given NASCAR the option to extend the time before publication by one day for US$100,000.

NASCAR is yet to publicly acknowledge the cyber incident. Cyber Daily has reached out to NASCAR for comment on the incident and is awaiting a response.

Since it first emerged in January 2021, Medusa has built itself a reputation as one of the most notorious ransomware operators.

According to a joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Centre (MS-ISAC), the ransomware-as-a-service (RaaS) organisation has been targeting entities “from a variety of critical infrastructure sectors with affected industries, including medical, education, legal, insurance, technology, and manufacturing”.

The advisory said that Medusa has launched cyber attacks on over 300 critical infrastructure entities.

“Medusa developers typically recruit initial access brokers (IABs) in cyber criminal forums and marketplaces to obtain initial access [TA0001] to potential victims,” said CISA.

“Potential payments between US$100 and US$1 million are offered to these affiliates with the opportunity to work exclusively for Medusa.”

The group is also known for using living-off-the-land (LOTL) techniques and legitimate tools to evade detection.

In the four years since it first emerged, the group has listed over 400 victims, including Australian and international critical infrastructure organisations.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.