Ransomware bites NASCAR team: lessons learned… fast

NASCAR

You can’t outrun ransomware: either prevent it, or pay up. Maybe that’s the lesson from the latest high profile ransomware victim: the NASCAR team Circle Sport-Leavine Family Racing (CSLFR).

Days before CSLFR planned to field Michael McDowell in Chevy No. 95 at Texas Motor Speedway, strange things started happening to one of its critical test computers. According to detailed coverage at NASCAR.com, crew chief Dave Winston began encountering early signs that something wasn’t quite right:

I started seeing [random files] and said ‘What is this?’ I clicked on one… and I don’t remember if it came up with an actual picture of something, but what it looked like was a screen shot … of a logo or an email or something like it.

I kept working and didn’t think anything of it. But as I went on through the day I saw more and more… I deleted a couple of them and just kept on going.

Later…

All of a sudden every file I tried to open was encrypted and I couldn’t open anything. Needless to say, it sent fear running through my body really quick. You understand how much information we use. Nothing of course was backed up because nobody ever backs up their computers until it’s too late…

The ransomware had locked down some utterly critical data: chassis information, wind tunnel spreadsheets, simulations, track data, test facility data, personnel information, car part lists, and according to Catchfence.com, “custom high-profile simulation set-ups valued at $2 million.”

As Winston said later:

We couldn’t go one day without it greatly impacting the team’s future success. This was a completely foreign experience for all of us, and we had no idea what to do… if we didn’t get the files back, we would lose years’ worth of work, millions of dollars.

So the team gave itself a quick, high-pressure lesson in bitcoin technology, set up its bitcoin wallet, found a bitcoin ATM at a local convenience store, made its $500 payment and – hours later – got the files back.

And, it looks like the team found itself a big silver lining: one that won’t be available to many ransomware victims. Its new security technology provider, Malwarebytes, signed up as a sponsor for the rest of the 2016 Sprint Cup season.

Now, says Winston:

We’re working together with them to try and make it known to people that this can happen to anybody. You’re not immune to it; everybody is susceptible to it.

That’s wisdom – earned the hard way, and fast!