NASCAR: Medusa ransomware gang claims to have hacked NASCAR

NASCAR: Medusa ransomware gang claims to have hacked NASCAR

Medusa Ransomware Gang Claims Breach of NASCAR, Demands $4M Ransom

The Medusa ransomware-as-a-service (RaaS) group has alleged a breach of NASCAR’s computer systems, claiming to have exfiltrated over 1TB of sensitive data. In a post on its dark web leak site, the gang demanded a $4 million ransom for the deletion of the stolen files, accompanied by a countdown timer threatening public release. The deadline can be extended for $100,000 per day.

To substantiate its claims, Medusa published screenshots of purported internal NASCAR documents, including employee and sponsor contact details, financial reports, invoices, and a directory of exfiltrated files. While NASCAR has not confirmed the attack, the evidence presented appears credible.

Medusa has been active in targeting high-profile organizations, with the FBI and CISA issuing a joint advisory last month warning of its impact on over 300 entities across critical sectors, including healthcare, education, and manufacturing. Past victims include Minneapolis Public Schools, which suffered a 92GB data leak after refusing a ransom, as well as cancer centers and British high schools. The group has also previously claimed to have stolen Microsoft source code.

This incident follows a pattern of cyberattacks on major sports organizations. In 2016, NASCAR-affiliated team Circle Sport-Leavine Family Racing paid a ransom after a TeslaCrypt attack, while in March 2025, NASCAR’s official Twitter account was hijacked to promote a fraudulent cryptocurrency scheme. If confirmed, this breach would mark another high-profile disruption in the sports industry.

Source: https://www.bitdefender.com/en-us/blog/hotforsecurity/medusa-ransomware-hacked-nascar

NASCAR cybersecurity rating report: https://www.rankiteo.com/company/nascar

"id": "NAS1770566035",
"linkid": "nascar",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Sports/Entertainment',
                        'location': 'United States',
                        'name': 'NASCAR',
                        'type': 'Sports Organization'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Employee contact details',
                                              'Sponsor contact details',
                                              'Financial reports',
                                              'Invoices']},
 'description': 'The Medusa ransomware-as-a-service (RaaS) group has alleged a '
                'breach of NASCAR’s computer systems, claiming to have '
                'exfiltrated over 1TB of sensitive data. The gang demanded a '
                '$4 million ransom for the deletion of the stolen files, '
                'accompanied by a countdown timer threatening public release. '
                'Screenshots of purported internal NASCAR documents, including '
                'employee and sponsor contact details, financial reports, and '
                'invoices, were published to substantiate the claims.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Over 1TB of sensitive data',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '$4,000,000',
                'ransomware_strain': 'Medusa'},
 'references': [{'source': 'Medusa dark web leak site'},
                {'source': 'FBI and CISA joint advisory'}],
 'threat_actor': 'Medusa Ransomware Gang',
 'title': 'Medusa Ransomware Gang Claims Breach of NASCAR',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.