Medusa Ransomware Claims Nascar Breach In Latest Attack

The Medusa ransomware pack has added different high-profile sanction to its increasing database of victims. Earlier today, nan group listed NASCAR (National Association for Stock Car Auto Racing) connected its acheronian web leak site, demanding a $4 cardinal ransom and threatening to merchandise soul information if costs isn’t made. Alongside NASCAR, nan group is besides claiming McFarland Commercial Insurance Services, Bridgebank Ltd, and Pulse Urgent Care arsenic caller victims.

As seen by Hackread.com, nan hackers person already posted 37 archive images related to NASCAR arsenic proof. A reappraisal of 1 of nan blurred images shows a operation of firm branding materials, installation maps, spreadsheets pinch worker interaction details, and what looks for illustration soul notes and photographs.

A speedy study of nan leaked documents suggests immoderate of nan contented includes elaborate maps of raceway grounds, email addresses, names and titles of staff, and credential-related info, which suggests a existent discuss of operational and logistical data.

Screenshot from nan leaked sample information from nan Medusa ransomware gang’s acheronian web leak tract (Credit: Hackread.com)

The Medusa group was first spotted successful nan chaotic backmost successful 2021, but its activity has picked up velocity complete nan past mates of years. One of its better-known attacks was against nan Minneapolis Public Schools territory in 2023, wherever nan group leaked delicate student and worker information aft a $1 cardinal ransom request went unmet. They’ve besides targeted hospitals, telecom firms, and municipalities, often dumping ample amounts of soul files erstwhile ransoms aren’t paid.

More recently, Medusa made nan news just a mates of weeks ago for utilizing stolen integer certificates to disable anti-malware devices connected infected systems. That tactic, which was flagged successful a March 25 report, allowed them to run wrong networks and debar detection.

On March 13 2025, nan FBI and CISA issued a associated advisory urging organizations to fortify their defenses. The advisory specifically recommended enabling two-factor authentication and monitoring systems for signs of unauthorized certificate use, intelligibly concerned astir nan guidance Medusa’s attacks were heading.

NASCAR pulls in hundreds of millions of dollars successful gross each year, truthful it’s not astonishing that nan Medusa ransomware pack would spell aft them. But what this really highlights is that nary matter really overmuch money a institution makes, beardown cybersecurity still often takes a backseat.

Nevertheless, for now, it’s unclear if NASCAR plans to discuss aliases salary nan ransom. But fixed Medusa’s way record, much information leaks are apt if nan ransom isn’t paid wrong nan timeframe group by nan attackers.