The Medusa ransomware gang has escalated its campaign of cyber extortion by targeting NASCAR (National Association for Stock Car Auto Racing). The group has listed the organization on its dark web leak site, demanding a ransom of $4 million and threatening to publish sensitive internal data if the payment is not made. Alongside NASCAR, Medusa claims several other victims, including McFarland Commercial Insurance Services, Bridgebank Ltd, and Pulse Urgent Care.
Recent reports indicate that the hackers have posted 37 document images related to NASCAR as proof of their breach. These images, reviewed by Hackread.com, reportedly contain a variety of sensitive content, including corporate branding elements, facility maps, employee contact details, and potentially damaging internal notes and photographs. Evidence suggests a significant compromise of operational data, raising serious concerns about the integrity of NASCAR’s internal communications.
The FBI had previously warned U.S. organizations about the rising threats posed by the Medusa ransomware group in a March 2025 advisory. The group, noted for its aggressive tactics, first emerged in 2021 and has since executed multiple attacks, notably targeting educational institutions and healthcare organizations, where they publicly leak sensitive data after ransom demands go unfulfilled. Recently, the gang’s ability to disable anti-malware defenses using stolen digital certificates has further heightened the risks associated with their operations.
While Medusa has made bold claims regarding the NASCAR breach, the organization has yet to respond or confirm the incident. If validated, the breach could signify a severe security failure, considering NASCAR’s financial clout, which reportedly generates hundreds of millions in revenue annually. This incident represents a continuation of Medusa’s trend of targeting prominent entities, further asserting their place in the growing landscape of cybercrime.