The Medusa ransomware-as-a-service (RaaS) claims to have compromised the pc techniques of NASCAR, the US’ Nationwide Affiliation for Inventory Automotive Auto Racing, and made off with greater than 1TB of information.
In a posting on its darkish net leak website, Medusa has demanded a US $4 million ransom be paid for the deletion of NASCAR’s information.
On the high of the web page, Medusa has positioned a countdown timer – whereafter it threatens to make the info stolen from NASCAR obtainable to anyone on the web. The countdown deadline may be prolonged at a price of US $100,000 per day.
In an try to confirm its declare of getting hacked NASCAR, Medusa has printed screenshots of what it claims are inner paperwork – together with some purporting to point out the names, electronic mail addresses, and cellphone numbers of NASCAR workers and sponsors, in addition to invoices, monetary experiences, and extra.
Moreover, the ransomware gang has printed a considerable listing illustrating NASCAR’s inner file construction and the names of paperwork which were exfiltrated.
Though NASCAR has not but confirmed or denied experiences that it has been hit by a ransomware assault, the main points printed by Medusa on its leak website seem like credible.
Final month, the FBI and CISA printed a joint cybersecurity advisory warning that the Medusa ransomware had impacted over 300 organisations, together with these in vital infrastructure sectors comparable to medical, schooling, authorized, insurance coverage, know-how and manufacturing.
Previous victims of the Medusa ransomware have included Minneapolis Public Faculties (MPS) district, which refused to pay a million-dollar ransom and noticed roughly 92 GB of its stolen information launched to the general public. The group has additionally boasted about stealing Microsoft supply code prior to now. Different Medusa ransomware victims have included most cancers centres, and British excessive colleges.
If the claims that NASCAR is the most recent sufferer of Medusa are correct, it will not be the primary time that the world of one of many USA’s hottest sports activities has been impacted by cybercrime.
For example, in 2016 the Circle Sport-Leavine Household Racing (CSLFR) discovered its laptop techniques unusable after they had been hit by a variant of the TeslaCrypt ransomware.
The CSLFR group finally determined to pay the ransom, and obtained a decryption key that enabled them to unlock their impacted computer systems.
Extra just lately, in March 2025, the official Twitter account of NASCAR itself was hacked so as to submit a message selling a NASCAR-themed cryptocurrency token.
