Circle Sport-Leavine Family Racing Hacked By Ransomeware; Priceless Data Held Hostageby Hunter Thomas June 24, 2016 0 comments
SONOMA, Calif. – Just prior to the Duck Commander 500 at Texas Motor Speedway in April, Circle Sport-Leavine Family Racing (CSLFR) was attacked by TeslaCrypt Ransomeware. Malwarebytes, the California-based company who cleaned up the team’s computers will be an associate sponsor on Michael McDowell’s No. 95 Chevrolet this weekend at Sonoma Raceway during the Toyota/Save Mart 350.
The TeslaCrypt Ransomeware attacked crew chief, Dave Wintson’s computer and held the team’s data for ransome. Winston and Michael Leavine, CSLFR Operations Manager first noticed the ransomeware in Dropbox, when some suspicious files popped up.
“Kevin and I noticed it in a Dropbox folder,” Leavine said. “There were some weird files popping up that looked almost corrupted. We got to looking at it, and it was these TeslaCrypt files talking about this ransom, and we had no idea what was going on.”
CSLFR only had 48 hours to pay the hackers or else they’d lose priceless track data, simulation set-ups that were worth $2 million, car part lists and much more. The team initially attempted to salvage the files, but the ransomeware had the information encrypted, making them inaccessible without a key.
“Just knowing that we could lose everything that we had worked so hard to achieve was terrifying,” Winston said. “The data that they were threatening to take from us was priceless, we couldn’t go one day without it greatly impacting the team’s future success. This was a completely foreign experience for all of us, and we had no idea what to do. What we did know was that if we didn’t get the files back, we would lose years worth of work valued at millions of dollars.”
The information that would take roughly 1,500 man-hours and millions of dollars to recreate was eventually saved after the team paid the hackers in bitcoins. With the Duck Commander 500 just days away, Winston and the team felt that paying the ransome would produce the best scenario. Once the team paid the hackers, they received a key that enabled them to unlock the files and retrieve the data. After CSLFR installed Malwarebytes Anti-Malware on their computers, the software located over 10,000 malware infections. Needless to say, Malwarebytes is now protecting the team’s computers after its success.
“We are honored to be partnering with CSLFR to emphasize to everyone including the NASCAR community that ransomware is a very real threat,” said Marcin Kleczynski, CEO, Malwarebytes. “Companies of all types and sizes can fall victim at any time. Instances of ransomware infection are growing rapidly, and the first step in fighting a disease is protection. At Malwarebytes, we are doing everything we can to help companies like CSLFR and the other Fortune 500 companies in NASCAR to protect and defend themselves from cyber criminals who want to take their incredibly valuable data hostage.”
Now that the threat is gone, it appears that CSLFR dodged a bullet and are taking actions to prevent this from ever happening again. Hopefully all of the other teams in the garage are taking notes and are backing up their data and taking the correct steps as well. NASCAR is such a fast-paced sport that sometimes it’s difficult for teams to put in the time to do anything besides working in the race shops. Some of the smaller teams have just a handful of fulltime employees, making it difficult to focus on other aspects of a race team, such as cyber security.
The Toyota/Save Mart 350 at Sonoma Raceway will broadcast live on FOX Sports 1 (FS1) and the Performance Racing Network (PRN), Sunday, June 26 at 3 p.m. ET.
Photo Credit: Nigel Kinrade