The Medusa ransomware-as-a-service (RaaS) claims to have compromised the pc techniques of NASCAR, the US’ Nationwide Affiliation for Inventory Automotive Auto Racing, and made off with greater than 1TB of knowledge.
In a posting on its darkish internet leak web site, Medusa has demanded a US $4 million ransom be paid for the deletion of NASCAR’s knowledge.
On the prime of the web page, Medusa has positioned a countdown timer – whereafter it threatens to make the info stolen from NASCAR obtainable to anyone on the web. The countdown deadline will be prolonged at a value of US $100,000 per day.
In an try and confirm its declare of getting hacked NASCAR, Medusa has printed screenshots of what it claims are inner paperwork – together with some purporting to indicate the names, electronic mail addresses, and cellphone numbers of NASCAR workers and sponsors, in addition to invoices, monetary reviews, and extra.
Moreover, the ransomware gang has printed a considerable listing illustrating NASCAR’s inner file construction and the names of paperwork which have been exfiltrated.
Though NASCAR has not but confirmed or denied reviews that it has been hit by a ransomware assault, the main points printed by Medusa on its leak web site look like credible.
Final month, the FBI and CISA printed a joint cybersecurity advisory warning that the Medusa ransomware had impacted over 300 organisations, together with these in essential infrastructure sectors equivalent to medical, training, authorized, insurance coverage, expertise and manufacturing.
Previous victims of the Medusa ransomware have included Minneapolis Public Colleges (MPS) district, which refused to pay a million-dollar ransom and noticed roughly 92 GB of its stolen knowledge launched to the general public. The group has additionally boasted about stealing Microsoft supply code up to now. Different Medusa ransomware victims have included most cancers centres, and British excessive colleges.
If the claims that NASCAR is the most recent sufferer of Medusa are correct, it will not be the primary time that the world of one of many USA’s hottest sports activities has been impacted by cybercrime.
For example, in 2016 the Circle Sport-Leavine Household Racing (CSLFR) discovered its laptop techniques unusable after they had been hit by a variant of the TeslaCrypt ransomware.
The CSLFR staff finally determined to pay the ransom, and obtained a decryption key that enabled them to unlock their impacted computer systems.
Extra lately, in March 2025, the official Twitter account of NASCAR itself was hacked as a way to publish a message selling a NASCAR-themed cryptocurrency token.
