Circle-Sport Leavine Family Racing (CSLFR) was rear-ended by a ransomware attack in April forcing the team to fork over about $500 to regain access to essential team records.
Leavine, which races car number 95 in the NASCAR Sprint Cup Series, was hit on April 5 with TeslaCrypt which locked up all the files on crew chief Dave Winston's laptop. The data held hostage included car set ups, car part lists, and custom high-profile simulation packages valued at $2 million. The team estimated that to recreate this data, it would have taken the team nearly 1,500 man-hours.
Winston told SCMagazine.com that he had a moment of “pure panic” when he realized something had gone wrong with his computer. The attack took a few hours to unfold with Winston watching as file after file, none of which were backed up, was encrypted. In the end he attempted to open a file and was presented with the ransomware note.
“Then we spent 24 hours trying to figure out what happened,” Winston said, adding the team's IT person was consulted and they called local computer repair shops. “But we discovered there was nothing we could do.”
Leavine decided to pay the ransom because the cost and time involved replacing the information would have damaged the team's chances in its upcoming race. The general rule of thumb in the security industry, and one now endorsed by the FBI, is to never pay a ransom because giving in to the criminal's demands does not guarantee the data will be released and the victim could simply be targeted again. This was the greatest fear running through Winston's mind, that even after paying the files would not be released, but in this case almost all were recovered.
However, without the data in hand the team would have been at a distinct disadvantage during that week's race
“The data that they were threatening to take from us was priceless, we couldn't go one day without it without it greatly impacting the team's future success. This was a completely foreign experience for all of us, and we had no idea what to do. What we did know was that if we didn't get the files back, we would lose years worth of work, millions of dollars, and be completely unable to compete in upcoming races,” Winston said.
CSLFR is now working with Malwarebytes to promote ransomware awareness. The team's car will sport a Malwarebytes' logo as an associate sponsor for the next few weeks and then the company will come on board as a full-time sponsor starting with the NASCAR race in Loudon, N.H.