The Medusa ransomware gang has claimed another high-profile victim in NASCAR.
NASCAR was listed by the group on their dark web leak site and demanded a US$4 million ransom, threatening to release internal data if the payment wasn’t made.
According to Hackread.com, 37 documents NASCAR related documents have already been shared as proof. These documents included detailed maps of raceway grounds, email addresses, names and titles of staff, and credential-related information.
The countdown on the Medusa blog says NASCAR has 10 days to pay the ransom. Other options would permit the company to extend the deadline for $100,000 per day or allow anyone to download the data immediately upon paying the $4 million ransom.
NASCAR is yet to acknowledge the leak, however, NASCAR is a likely target for the group due to the large revenue they report every year.
Medusa ransomware was first observed in 2022 and has been a prominent threat since 2023.
Earlier this year, the CISA and FBI teamed up to issue a cybersecurity advisory against Medusa ransomware.
Medusa is known to have hit at least 300 targets that include a variety of critical infrastructure sectors. Some other new victims include McFarland Commercial Insurance Services, Bridgebank Ltd, and Pulse Urgent Care.