In April, this year, Circle-Sport Leavine Family Racing (CSLFR) was rear-ended by a ransomware attack forcing the team to pay about $600 to get back the access to its essential team records enabling CSLFR to compete in a race.
On April 5, Leavine, which races car number 95 in the NASCAR Sprint Cup Series, was attacked with TeslaCrypt, which locked up all the files on crew chief Dave Winston’s laptop.
The encrypted data included car set ups worth over $1.5 million, car part lists, and custom high-profile simulation packages valued at $2 million. According to CSLFR team, it would have taken nearly 1,500 man-hours in addition to the monetary cost to recreate the locked data.
Winston said that he had a moment of “pure panic” when he realized something had gone wrong with his computer. The attack took a few hours to unfold with Winston watching as file after file, none of which were backed up, was encrypted. Finally, he attempted to open a file and the ransomware note was displayed.
“Then we spent 24 hours trying to figure out what happened,” Winston stated, adding the team’s IT person was consulted and they called local computer repair shops. “But we discovered there was nothing we could do.”
Leavine paid the ransom because the cost and time involved replacing the information would have damaged the team’s chances in its upcoming race. Nevertheless, the main rule of thumb in the security industry, and the one endorsed by the FBI, is to never pay a ransom because giving in to the hacker’s demands does not guarantee the data will be released and the victim could simply be targeted again. Winston’s greatest fear was that even after paying the ransom, the team’s files would not be released. Though, they were almost recovered.
“The data that they were threatening to take from us was priceless, we couldn’t go one day without it without it greatly impacting the team’s future success. This was a completely foreign experience for all of us, and we had no idea what to do. What we did know was that if we didn’t get the files back, we would lose years worth of work, millions of dollars, and be completely unable to compete in upcoming races,” Winston explained.
Winston also stated that the incident was a learning experience as the team had to be brought up to speed on cybersecurity, but even to how to buy bitcoin to pay the ransom.
Since then, Teslacrypt has been rendered somewhat useless as its master keys have been made public and several companies have come out with decryptors.
Currently, CSLFR is working on promoting ransomware awareness. The team’s car will sport a Malwarebytes’ logo as an associate sponsor for the next few weeks and then the company will come on board as a full-time sponsor starting with the NASCAR race in Loudon, N.H.
