
Medusa ransomware has claimed a massive data breach at NASCAR (The National Association for Stock Car Auto Racing). Hackers have released the organization’s internal file structure and 33 screenshots containing sensitive personal details and documents.
NASCAR was added to Medusa’s dark web data leak site on April 8th. The threat actor claims to have stolen over one terabyte of data.
“The total amount of data leakage is 1038.70 GB,” Medusa said.
The countdown timer on the dark web leaves NASCAR 10 days to react. The gang is demanding $4 million to download and delete the data but also offers to add 1 day to the timer for $100,000.
To prove their claims, hackers have already leaked a lot of sensitive data.
It includes the complete file tree structure of the stolen data, which contains a few main folders named for engineering, accounting, race data, share data and “work main,” among other folders.
Moreover, Medusa released 33 screenshots of various documents and datasets. They contain details about employees and potentially other individuals, as well as their credentials, such as emails, phone numbers, titles, etc.
Medusa also exposed invoices, financial reports, incident report designs, sponsorships, and other internal documents. One map of a raceway’s grounds is also included.

The details provided suggest that the data theft might be legitimate. Medusa ransomware is, after all, a highly capable cybercrime ring responsible for hundreds of attacks against critical infrastructure.
However, NASCAR hasn’t yet confirmed or denied any claims made by Medusa ransomware. Cybernews reached out to the company for comment and is awaiting its response.
NASCAR is the sanctioning body and operator behind the most popular form of motorsports in the US and is one of the top-ranked motorsports organizations globally. NASCAR popularized stock car racing, and each year, it sanctions over 1,500 races at over 100 tracks in 48 US states, as well as in Canada, Mexico, Brazil, and Europe.
What is Medusa?
Medusa is a ransomware-as-a-service variant used to conduct ransomware attacks. This ransomware gang has breached over 300 victims across critical infrastructure sectors since its first detection in June 2021.
The gang's increased activity has prompted the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to release a joint advisory on how companies can defend against this menace.
The hackers employ a double, and sometimes even triple, extortion model. That means they steal and encrypt victim data and threaten to publicly release the exfiltrated information if the ransom is not paid. Some victims reported being contacted again and asked to pay for a “true decryptor.”
Medusa is active in cybercriminal forums and marketplaces, recruiting hackers to obtain initial access to potential victims. The ring has been observed offering initial access brokers between $100 and $1 million and the opportunity to work exclusively for Medusa.