No. 95 NASCAR team’s data held for ransom in cyber attack

Dave Winston of Circle Sport-Leavine Family Racing seen in May, shortly after the ransomeware attack.

Nigel Kinrade/LAT Photo USA

Here’s a truly scary story: In April, Circle Sport-Leavine Family Racing fell victim to an online data attack, with three of the company’s computers infected by TeslaCrypt ransomware.

Ransomware seizes a computer’s critical data and allows criminals to hold that data hostage.

In the case of CSLFR, the data taken hostage contained detailed setup information and notes from crew chief Dave Winston, car part lists, and custom high-profile simulation set-ups valued at $2 million. To recreate this data, it would have taken the team nearly 1,500 man-hours, the team said.

In an exclusive interview with, Winston said the attack came in April prior to the Texas race.

“We were getting ready to go and on Tuesday afternoon, I was heading up to (Richard Childress Racing) and one of the engineers from the shop called me and said, ‘Hey, your computer is doing some odd things and loading quite a few files to Dropbox,’ which is what we use to house all our data,” said Winston.

New details emerge in the attack on Mike Wallace and his daughter

When he got to RCR, Winston turned on the computer he had with him. “I fired my computer up, and sure enough, the first file I tried to open popped up a screen that said that all my files had been encrypted and I have to pay a ransom to get them back,” said Winston.

“First you don’t want to believe it, but every file I tried to open had the same thing,” said Winston. “You know in this sport, the computers have so much information on them, whether it’s track data or wind-tunnel data, engine data, personnel issues, parts issues — all sorts of information.”

The hackers demanded that the team pay a ransom within 48 hours or the data would be lost forever. There was no choice but to pay the ransom and no way to track down who launched the attack, said Winston.

“Panic sets in,” said Winston. “We’re a small team and we’re trying to do everything we can and make sure we keep everything straight. Having a history and information to go back to is key.”

It was a stunning blow to the squad.

“We made the decision that we would pay it (the ransom) and hope that we would get it (the data) back,” said Winston. “We had to learn about bitcoins and all sorts of ways to make the payments because they wanted it anonymous of course.”

Once the payment was made, the criminals sent an encryption key that allowed the team to recover their data. And then the team decided to act to prevent future attacks.

After the incident, CSLFR has formed a partnership with Santa Clara, Calif.-based Malwarebytes, which offers malware prevention and remediation solutions.

Now, all the race team’s computers carry Malwarebytes Anti-Malware to protect its data.

Unfortunately, what happened to CSLFR is not unique.

“Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher,” the FBI stated in a report issued in late April.

“And if the first three months of this year are any indication, the number of ransomware incidents — and the ensuing damage they cause — will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.”