NASCAR Team Pays Ransom to Save $2 Million Worth of Information, Warns Others of the Dangers
Winston and his colleagues with Circle Sport-Leavine Family Racing are coming forward today to talk about their very personal experience with TeslaCrypt ransomware back in April, to warn others of the reality of ransomware so that fewer businesses and computer users in their position have to learn the hard way.
“We learned first-hand that it’s a fact and it happens,” Winston says. “So that’s what we’re hoping to be able to do is to spread the word and the knowledge, and have people understand that this is something that’s going to happen more and more and you have to protect yourself.”
Circle Sport-Leavine Family Racing is a close-knit team with a small IT footprint of only about 10 computers. Prior to the ransomware attack, nobody on the team was super-savvy about backing up files or choosy about anti-malware packages. Each user was pretty much responsible for using whatever default antivirus came on the computer out of the box, and there were no standards for protection. Things like ransomware and malware attacks simply weren’t on the team’s radar; they were too busy tuning their cars to perform well in the Sprint Cup series races.
As crew chief, Winston depends on his computer to store valuable and sensitive information vital to competing in the series.
“It was any information you could possibly imagine, whether it was track set-up information, car chassis information, wind tunnel information, personnel information, or parts information,” he says. “Everything was on my computer and there were spreadsheets I used to determine setups and things like that in the car as we went from racetrack to racetrack.”
When he was confronted by the pop-up box that all of his data and files had been encrypted and he had to pay a ransom, he thought, “This can’t be.” So he tried to open another one. And another one. Soon, the panic kicked in.
He got four or five of his teammates around the table and they tried to figure out what happened. After hours of research on ransomware, and faced with the thought of losing what they estimated to be $2 million worth of information just a few days before their cars were set to hit the next racetrack, they decided to bite the bullet. Considering that it would have taken the team 1,500 man-hours to recreate the data, they felt paying off the bad guys was their only option.
They found a Bitcoin ATM just a few miles away from them, loaded up with $500 worth of the digital currency, crossed their fingers and paid the extortionists. After a night of sweating it out, the criminals did come through with an encryption key. But the next morning when they tried to apply it, they couldn’t get it to work.
That’s when they went to get help from their technical alliance partners at the Richard Childress Racing team, which does have an IT staff. Not only did they help them apply the key, but they got Circle Sport-Leavine Family Racing on the path toward future protection by steering them over to Malwarebytes and offering best practice advice on things like backup procedures and establishing standard security set-ups across all of their computers.
By: Ericka Chickowski