NASCAR Team Partners Malwarebytes After Ransomware Attack

Ransomware has claimed another victim, this time a NASCAR racing team called Circle Sport-Leavine Family Racing (CSLFR).

It seems the attackers managed to encrypt vital test and racing data belonging to the NASCAR team, leaving it with little option but to pay the ransom.

No Backups

The dramatic story was revealed after Malwarebytes, the California-based security specialist, announced that it is now a sponsor of the team.

“The team recently fell victim to ransomware, where a crucial subset of data was held hostage,” the two organisations said. “The company turned to Malwarebytes in the wake of the attack, and now deploys Malwarebytes Anti-Malware on all company computers to protect its data.”

The problem occurred for Circle Sport-Leavine Family Racing when the computer belonging to crew chief, Dave Winston, became infected with TeslaCrypt ransomware. The computer contained crucial race track data, chassis information, as well as wind tunnel and simulation data.

The TeslaCrypt ransomware however encrypted all this data and the attackers demanded the CSLFR team pay a ransom within 48 hours, or their data would be gone forever. Unfortunately for the team, the cost to recreate all this data would have been $2m (£1.48m) and taken nearly 1,500 man-hours.

There were also no backups of the data.

“Just knowing that we could lose everything that we had worked so hard to achieve was terrifying,” said Dave Winston, NASCAR Sprint Cup Series Crew Chief. “The data that they were threatening to take from us was priceless, we couldn’t go one day without it greatly impacting the team’s future success. This was a completely foreign experience for all of us, and we had no idea what to do. What we did know was that if we didn’t get the files back, we would lose years worth of work valued at millions of dollars.”

In the end, the team felt they had no choice but to pay $500 worth of bitcoins, and the data was recovered when the attackers send the key to unlock the data.

Following that attack the CSLFR team teamed up with Malwarebytes, which found and eliminated additional instances of malware infection at the team from over 10,000 files. Malwarebytes is now protecting all of the company data.

“Like most companies, we felt we had solid security in place on our digital intelligence with our software and firewalls, but this is a very new threat,” said Jeremy Lange, vice president at CSLFR. “It’s an area of coverage that you don’t realise you need until it happens to you. We’re lucky that it all worked out and now having this partnership with Malwarebytes, we hope to inform NASCAR fans and the industry of this threat and the solution.”

“We are honoured to be partnering with CSLFR to emphasise to everyone including the NASCAR community that ransomware is a very real threat,” said Marcin Kleczynski, CEO, Malwarebytes. “Companies of all types and sizes can fall victim at any time.

Growing Menace

Ransomware of course is a growing menace. Earlier this week researchers found a new version of the CryptXXX family of ransomware which had already netted payments of about £26,000 during a period of less than three weeks.

The irony of the NASCAR story is that in May the gang behind the TeslaCrypt ransomware shut down their criminal operation and apologised. The gang also handed over the universal master decryption key to the malware to security researchers ESET.

ESET has previously warned that the UK was being heavily targeted by ransomware.

Organisations are advised to have strong, multi-tier security systems in place to prevent malicious attachments from reaching users.

Are you a security pro? Try our quiz!