-
NASCAR is seemingly having a ransomware speculation, with a request of $4m ransom.
-
The organization has not yet made any formal statement on whether or not the speculation is valid, although speculation about this is spreading further.
-
The purported attack against a sporting body is indicative of the ever-increasing growth of cybercrime throughout varying industries and emphasizes the requirement for increased online security awareness.
There are currently allegations of a potential cyberattack on NASCAR following reports of a ransom demand from it. Hackers allegedly targeted this leading U.S. motorsport organization, likely aiming to extort a significant sum of money.
Although NASCAR has yet to provide the precise details, the rise of this latest incident has raised several worries regarding the state of digital security within professional sport.
Reports of a $4 Million Ransom Demand
The report revealed that the hackers, who are the Medusa ransomware group, made an extortionate demand of approximately $4 million to NASCAR, which appeared to constitute a ransomware attack. Also, the gang threatened to expose all exfiltrated data containing sensitive data for NASCAR’s internal system if the organization failed to pay the ransom.
They used ransomware attacks to access critical data on a system before locking it and requesting payment from the victim. Unfortunately, recent years have seen an increase in this type of attack, and they already occur regularly in large organizations.
The playbook is always the same: breach, threaten, and if unpaid, dump the data as NightSpire did when they targeted a US hotel giant and released internal data on the dark web after the company presumably refused to meet their demands.
Although NASCAR has so far not confirmed the breach, the report noted that the hackers posted 37 screenshots of images that relate to the organization as proof of their attack.
Also, some experts indicate that a sports institution is a likely target for attack. Large organizations store vast amounts of data, such as financial data, internal email messages, and employee personal information that consistently attract cybercriminals as vulnerable targets.
For years, the U.S. government has warned of the growing risk of ransomware. As the Cybersecurity and Infrastructure Security Agency (CISA) points out, ransomware puts a strain on the organization, disrupts business operations, damages to reputation, and costs millions to recover from the attack. CISA continuously updates the business community on the best means for protecting against this type of attack and what businesses can do to recover when attacked.
If this claim about NASCAR is valid, this attack can represent another example of how even prominent organizations can become victims of cybercrime.
How Cyberattacks Are Hitting Major Organizations
Online attacks are a threat that affects every industry today. Some non-technology sectors, such as hospitals, colleges, and even local governments, report similar attacks as well. The cyberattack on Colonial Pipeline Company affected gasoline delivery in the United States and was considered an empirical case. The company paid millions to the hacker before it resumed service. The U.S. authorities later confirmed many of those details and worked with others to return at least part of the money.
Sports organizations are also targets as they have become reliant on digital systems. Among other things, they conduct ticketing online, manage race data digitally, and execute all sponsorship agreements electronically. A successful cyber-attack would consequently halt operations and wreak havoc during an event.
According to experts, ransomware gangs prefer to receive payment in cryptocurrency due to its difficulty of tracking. Companies then face the ‘ransom dilemma’: pay the ransom hoping to restore operations, or refuse and risk losing critical data. Most law enforcement officials recommend not paying because that only encourages future attacks.
This exact dilemma played out recently when the Cl0p ransomware gang allegedly hacked a New Zealand poultry producer, demonstrating that no industry, from racing to food production, is safe from these increasingly brazen extortion tactics. If hackers targeted NASCAR, it would prove that no industry is immune to cyberattacks.
What This Could Mean for Fans and the Sport
There are currently no signs that NASCAR will cancel or delay any races. However, cyber threats can impact more industries than simply the organizations involved. If attackers compromise the company’s systems, they could disrupt ticketing and payment operations.
Data privacy is a high priority; the data about customers, employees, and partners of organizations is valuable to hackers through identity theft. An organization’s best practices sometimes may not allow for quick public communication about the extent of a breach before investigations.
Cybersecurity experts stress the need for swift action, including isolating infected systems, alerting authorities, and notifying anyone affected. Transparency also helps maintain public trust.
For NASCAR, the key will be to provide action steps after the incident. A clear official statement regarding the incident to calm rumors and speculation is important. However, until then, much of the discussion surrounding the incident will be based on the initial circulating rumors.
One fact is obvious: cyber threats are on the rise. Companies across many sectors now face the challenge of having to invest in stronger digital security to protect their organizations, whether they’re a company in the sports industry, an energy company, or a health care provider. The events surrounding the NASCAR incident serve as a reminder that the race is not only occurring on the track; today, there is also an online race.
