A significant crisis is developing within NASCAR as the governing body of auto racing confronts a severe cyberattack. Multiple sources report that a hacker collective known as "Medusa" has infiltrated their database and is currently asking for payment to prevent the exposure of confidential data.
The organization has set a deadline of 10 days for NASCAR to reply. Should they fail to make the payment, the cyber attackers claim they will leak over one terabyte of information.
NASCAR Hit Hard by Significant Ransomware Assault
As reported by Hackread.com, the collective is demanding $4 million from NASCAR to prevent them from releasing the data they allegedly possess.
It has been reported that the hackers have uploaded 37 pictures as evidence. Among these, one image with blurring effects seems to reveal spreadsheets containing staff information, internal memos, photographs, and company brand assets.
It is claimed that the leaked imagery encompasses racetrack schematics, employee identification badges, correspondence, and additional materials—underscoring the potential severity of this intrusion.
Up until now, NASCAR has not released an official statement, and it remains uncertain just how reliable the circulating information really is. However, according to current reports, NASCAR finds itself in a race against time with every passing moment.
Medusa additionally mentions that they plan to target McFarland Commercial Insurance Services, Bridgebank Ltd., and Pulse Urgent Care next.
The organization made its debut in 2021 and has intensified its assaults since then. A well-documented event occurred in 2023, where they breached the Minneapolis Public Schools system and released sensitive information after a $1 million ransom was not met.
In March, the FBI along with the Cybersecurity and Infrastructure Security Agency (CISA) issued a combined advisory. They encouraged businesses to enhance their cybersecurity measures through the implementation of two-factor authentication and monitoring for any unusual certificate activities.
NASCAR must address these problems swiftly to avoid casting a shadow over the celebrations at Bristol Motor Speedway. Following Denny Hamlin’s victory in the Goodyear 400 at Darlington Raceway on Sunday, April 6, the organization is moving on to Bristol for the Food City 500 scheduled for Sunday, April 13.
Although this could be NASCAR's most significant encounter with a ransomware attack to date, it is certainly not their initial run-in with cyber security problems.
NASCAR’s Official Radio Was Hacked in Atlanta
Over the race weekend in Atlanta, NASCAR faced yet another cybersecurity problem. It was reported that a spectator managed to infiltrate the event’s race radio communications during the Ambetter Health 400.
Individuals caught wind of peculiar and unsuitable transmissions over the team’s communication devices. Spectators quickly took to online platforms to relay what they had tuned into. It wasn’t long before it became clear that an external party was responsible for these broadcasts.