Naked Security

Ransomware bites NASCAR team: lessons learned… fast

You can't outrun ransomware. Maybe that's the lesson learned from its latest victim: the NASCAR team Circle Sport-Leavine Family Racing.

You can’t outrun ransomware: either prevent it, or pay up. Maybe that’s the lesson from the latest high profile ransomware victim: the NASCAR team Circle Sport-Leavine Family Racing (CSLFR).

Days before CSLFR planned to field Michael McDowell in Chevy No. 95 at Texas Motor Speedway, strange things started happening to one of its critical test computers. According to detailed coverage at NASCAR.com, crew chief Dave Winston began encountering early signs that something wasn’t quite right:

I started seeing [random files] and said ‘What is this?’ I clicked on one… and I don’t remember if it came up with an actual picture of something, but what it looked like was a screen shot … of a logo or an email or something like it.

I kept working and didn’t think anything of it. But as I went on through the day I saw more and more… I deleted a couple of them and just kept on going.

Later…

All of a sudden every file I tried to open was encrypted and I couldn’t open anything. Needless to say, it sent fear running through my body really quick. You understand how much information we use. Nothing of course was backed up because nobody ever backs up their computers until it’s too late…

The ransomware had locked down some utterly critical data: chassis information, wind tunnel spreadsheets, simulations, track data, test facility data, personnel information, car part lists, and according to Catchfence.com, “custom high-profile simulation set-ups valued at $2 million.”

As Winston said later:

We couldn’t go one day without it greatly impacting the team’s future success. This was a completely foreign experience for all of us, and we had no idea what to do… if we didn’t get the files back, we would lose years’ worth of work, millions of dollars.

So the team gave itself a quick, high-pressure lesson in bitcoin technology, set up its bitcoin wallet, found a bitcoin ATM at a local convenience store, made its $500 payment and – hours later – got the files back.

And, it looks like the team found itself a big silver lining: one that won’t be available to many ransomware victims. Its new security technology provider, Malwarebytes, signed up as a sponsor for the rest of the 2016 Sprint Cup season.

Now, says Winston:

We’re working together with them to try and make it known to people that this can happen to anybody. You’re not immune to it; everybody is susceptible to it.

That’s wisdom – earned the hard way, and fast!

5 Comments

Perhaps they should have checked to see if there was a free decryption routine available. Some computer security projects, like Bleeping Computer, Emsisoft, and others, have them for different variants of ransomware.


“Nothing of course was backed up because nobody ever backs up their computers until it’s too late…”

Lots of people do in fact back up their computers before it’s too late, but sadly not everyone.


A little strange that the person using the critical test computer knows little to nothing about ransomware and had not even heard of it before. Either the people they are hiring are completely incompetent or not experienced enough for the role. How can they not make backups, let alone dismiss them? Anyone knows the importance of backups. More than just anti-ransomware protection, they need to train their staff and keep them up to date with the latest on what’s going on in the tech world. There are many tools to remove ransomware which are available for free online, like Rollback Rx, Toolwiz Time Freeze and even from antivirus companies themselves.
