The Medusa ransomware group has claimed another high-profile victim: NASCAR, the National Association for Stock Car Auto Racing. The incident was announced today after the group listed NASCAR on its dark web leak site, issuing a ransom demand of $4 million and threatening to publish sensitive internal data if the sum is not paid. In addition to NASCAR, Medusa claims to have compromised several other entities, including McFarland Commercial Insurance Services, Bridgebank Ltd, and Pulse Urgent Care.
Hackread.com reported that the perpetrators have already released 37 document images related to NASCAR as alleged proof of their intrusion. Analysis of one of the blurred images indicates a mixture of corporate branding materials, facility maps, spreadsheets containing employee contact information, and what appear to be internal communications and photographs. These documents suggest that the group has accessed operational and logistical information critical to NASCAR’s operations.
A closer examination of the leaked materials points to the presence of detailed raceway maps, email addresses, staff names and titles, as well as sensitive credential-related data. Such disclosures indicate a substantial compromise of important business intelligence, raising concerns about the implications for NASCAR’s security posture.
FBI Alerts U.S. Organizations to Medusa’s Threat
Emerging in 2021, the Medusa ransomware group has ramped up its activities over the past couple of years, with notable previous attacks, including a significant breach of the Minneapolis Public Schools district in 2023. In that incident, the group leaked sensitive information on students and employees when a $1 million ransom demand went unanswered. Medusa has also targeted other sectors, including healthcare, telecommunications, and local government entities, demonstrating a broad operational reach and a willingness to expose vast quantities of internal data when ransoms are unmet.
Recently, Medusa garnered attention in March for using stolen digital certificates to disable anti-malware programs on infected systems, a tactic that enhances its ability to move through networks undetected. This pattern of behavior resulted in a joint advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) in March 2025, urging organizations to bolster their security measures. The advisory emphasized the necessity of implementing two-factor authentication and monitoring for unauthorized certificate use, highlighting the severity of the threat posed by Medusa’s operations.
NASCAR Remains Silent on the Incident
The information regarding this incident is primarily based on claims made by the Medusa group, and NASCAR has not yet made any public statement to confirm or deny these allegations. However, if the organization does verify the breach, it would not come as a surprise given NASCAR’s extensive revenue generation, amounting to hundreds of millions of dollars annually. That revenue makes it a prime target for cybercriminals looking to exploit organizations with substantial financial assets.
This incident is not NASCAR’s first encounter with a ransomware attack. In July 2016, a notable NASCAR team faced a severe ransomware breach when a variant of the TeslaCrypt malware infected the computer of its chief. In that case, all files on the system were encrypted, and the attackers demanded payment in Bitcoin, illustrating the ongoing risks faced by organizations within the motorsport industry.