Tech by VICE

How Ransomware Led to a NASCAR Sponsorship

A NASCAR crew chief got an unwelcome crash course in Bitcoin and ransomware, but at least he got a sponsorship deal out of it.

by Daniel Oberhaus
Jun 26 2016, 8:00pm

Image: Flickr/proby458

Each of the 40 drivers participating in today's Toyota/Save Mart 350 at Sonoma Raceway will be racing in a car decked out with the logos of their sponsors, and in this respect Michael McDowell's vehicle (#95) isn't much different. Yet a closer inspection of McDowell's Toyota will reveal a new logo adorning the rear fender representing the malware repair and prevention company Malwarebytes—and unlike many drivers, McDowell's relationship to his newest sponsor is quite personal.

As detailed by Kenny Bruce in a recent article on NASCAR's website, the story of McDowell's Malwarebytes sponsorship begins with a hostage situation involving the data on the office computer of his racing team, Circle Sport-Leavine Family Racing.

It was just before the Duck Commander 500 at Texas Motor Raceway last April when Dave Winston, CSLFR's crew chief, began noticing unfamiliar files were appearing on his computer at the racing company. According to Winston, when he would click on the files they looked as if they were screenshots of logos or emails. Still, Winston thought little of it, deleted a few of the files, and continued his preparations for the upcoming race.

Later on the same day the strange files began appearing, Winston was headed to a meeting with another racing company when the CSLFR team's engineer called him with bad news: files from Winston's work computer were automatically being uploaded to the team's Dropbox. When he tried to check his computer to get to the bottom of the problem, he found that all of his files were encrypted and impossible to access.

Winston's computer had been infected with ransomware, and Winston had not backed up any of his files.

As its name suggests, ransomware is a particular type of computer virus which works by holding the data on a computer for ransom by encrypting the information until a certain sum is paid to the originator of the virus. Once a computer is infected, it's nearly impossible to recover the information without paying the sum being demanded. In the last year, the number of ransomware attacks has increased by 500 percent and become what some data security analysts have described as an 'epidemic.'

It's unknown how Winston's computer became infected, but it was likely through a malicious email attachment, the Trojan horse of choice for hackers dealing in ransomware. The ransom demanded was $500 in Bitcoin—a small price to pay when the data in question is crucial racing information needed to help McDowell prepare for the upcoming race. The only problem was Winston had no idea how to go about getting Bitcoin.

Luckily for Winston and his team, there was a Bitcoin ATM located in a gas station only a few miles from the CSLFR team office. After the racing team's IT people downloaded a bitcoin wallet, Winston purchased $500 in Bitcoin from the ATM and paid the ransom. The key to decrypt his files was delivered the morning after he paid.

As Winston waited to regain access to all of his files, the IT personnel at CSLFR and another racing team that had helped resolve the data hostage situation kept mentioning a company called Malwarebytes. According to them, this company could help prevent similar attacks in the future, something which Winston's recently personal history informed him was a threat worth taking seriously. To make a long business deal short, Winston reached out to Malwarebytes for technical support and ended up with one of NASCAR's newest sponsorship arrangements, all thanks to some crypto-thieves.