Medusa Ransomware Claims NASCAR Breach in Latest Attack
The Medusa ransomware gang has added another high-profile name to its growing list of victims. Earlier today, the group listed NASCAR (National Association for Stock Car Auto Racing) on its dark web leak site, demanding a $4 million ransom and threatening to release internal data if payment isn’t made. Alongside NASCAR, the group is also claiming McFarland Commercial Insurance Services, Bridgebank Ltd, and Pulse Urgent Care as new victims.
As seen by Hackread.com, the hackers have already posted 37 document images related to NASCAR as proof. A review of one of the blurred images shows a mix of corporate branding materials, facility maps, spreadsheets with employee contact details, and what looks like internal notes and photographs.
A quick analysis of the leaked documents suggests some of the content includes detailed maps of raceway grounds, email addresses, names and titles of staff, and credential-related info, which suggests a real compromise of operational and logistical data.
The Medusa group was first spotted in the wild back in 2021, but its activity has picked up speed over the past couple of years. One of its better-known attacks was against the Minneapolis Public Schools district in 2023, where the group leaked sensitive student and employee data after a $1 million ransom demand went unmet. They’ve also targeted hospitals, telecom firms, and municipalities, often dumping large amounts of internal files when ransoms aren’t paid.
More recently, Medusa made the news just a couple of weeks ago for using stolen digital certificates to disable anti-malware tools on infected systems. That tactic, which was flagged in a March 25 report, allowed them to operate within networks and avoid detection.
On March 13 2025, the FBI and CISA issued a joint advisory urging organizations to strengthen their defenses. The advisory specifically recommended enabling two-factor authentication and monitoring systems for signs of unauthorized certificate use, clearly concerned about the direction Medusa’s attacks were heading.
NASCAR pulls in hundreds of millions of dollars in revenue each year, so it’s not surprising that the Medusa ransomware gang would go after them. But what this really highlights is that no matter how much money a company makes, strong cybersecurity still often takes a backseat.
Nevertheless, for now, it’s unclear if NASCAR plans to negotiate or pay the ransom. But given Medusa’s track record, more data leaks are likely if the ransom isn’t paid within the timeframe set by the attackers.
