NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate.
The infection took place on the computer belonging to Dave Winston, CSLFR’s crew chief. Winston’s staff detected the infection when encrypted files from Winston’s computer began syncing to their joint Dropbox account.
The crew notified Winston, who isolated his computer from the rest of the network, but by that time, the ransomware’s encryption process had already all the data it needed to lock the rest of the files.
The guilty party: TeslaCrypt!
The team said the infection took place around April 5. On April 9, the team had to participate in the Duck Commander 500 race at the Texas Motor Speedway in Fort Worth, Texas.
Googling for details on their ransomware infection, the team discovered they were infected with the TeslaCrypt ransomware. The crooks behind the TeslaCrypt ransomware decided to abandon their criminal operations andlater in mid-May, about a month after CSLFR’s infection.
At that time, having no backups of the infected computer, Winston said they eventually had to pay the ransom. CSLFR didn’t say how much, but a typical TeslaCrypt ransomware infection usually asked for ~$500.
Malwarebytes becomes CSLFR’s sponsor
Winston says that he received a decryption key the next morning after he paid the ransom, and that they recovered all files without errors.
After the ransomware attack, Winston said they were advised to reach out to Malwarebytes, a US security vendor who operates one of the most reliable anti-malware software products on the market today.
Following the incident and the subsequent relationship forged between the team and the security vendor, Malwarebytes has also agreed to sponsor the team. Starting with upcoming races car #95 will be sporting the Malwarebytes logo on its hood.