Medusa Ransomware Gang Claims Breach of NASCAR, Demands $4M Ransom
The Medusa ransomware-as-a-service (RaaS) group has alleged a breach of NASCAR’s computer systems, claiming to have exfiltrated over 1TB of sensitive data. In a post on its dark web leak site, the gang demanded a $4 million ransom for the deletion of the stolen files, accompanied by a countdown timer threatening public release. The deadline can be extended for $100,000 per day.
To substantiate its claims, Medusa published screenshots of purported internal NASCAR documents, including employee and sponsor contact details, financial reports, invoices, and a directory of exfiltrated files. While NASCAR has not confirmed the attack, the evidence presented appears credible.
Medusa has been actively targeting high-profile organizations: the FBI and CISA issued a joint advisory last month warning of its impact on over 300 entities across critical sectors, including healthcare, education, and manufacturing. Past victims include Minneapolis Public Schools, which suffered a 92GB data leak after refusing to pay a ransom, as well as cancer centers and British high schools. The group has also previously claimed to have stolen Microsoft source code.
This incident follows a pattern of cyberattacks on major sports organizations. In 2016, NASCAR-affiliated team Circle Sport-Leavine Family Racing paid a ransom after a TeslaCrypt attack, while in March 2025, NASCAR’s official Twitter account was hijacked to promote a fraudulent cryptocurrency scheme. If confirmed, this breach would mark another high-profile disruption in the sports industry.
Source: https://www.bitdefender.com/en-us/blog/hotforsecurity/medusa-ransomware-hacked-nascar
NASCAR cybersecurity rating report: https://www.rankiteo.com/company/nascar
{
"id": "NAS1770566035",
"linkid": "nascar",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Sports/Entertainment',
'location': 'United States',
'name': 'NASCAR',
'type': 'Sports Organization'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Employee contact details',
'Sponsor contact details',
'Financial reports',
'Invoices']},
'description': 'The Medusa ransomware-as-a-service (RaaS) group has alleged a '
'breach of NASCAR’s computer systems, claiming to have '
'exfiltrated over 1TB of sensitive data. The gang demanded a '
'$4 million ransom for the deletion of the stolen files, '
'accompanied by a countdown timer threatening public release. '
'Screenshots of purported internal NASCAR documents, including '
'employee and sponsor contact details, financial reports, and '
'invoices, were published to substantiate the claims.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Over 1TB of sensitive data',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '$4,000,000',
'ransomware_strain': 'Medusa'},
'references': [{'source': 'Medusa dark web leak site'},
{'source': 'FBI and CISA joint advisory'}],
'threat_actor': 'Medusa Ransomware Gang',
'title': 'Medusa Ransomware Gang Claims Breach of NASCAR',
'type': 'Ransomware'}