NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.

Re:

[Man On Pink Corner]

Or Dropbox's "packrat" option? Yeah, good luck encrypting that.

Re:

[mlts]

There are many ransomware-resistant solutions:

1: Pull backups. NetBackup, Veeam, and many others come to mind.
2: EMC Isilons offer SmartLock functionality that can be set to prevention deletion for everyone out but root on the physical Isilon console.
3: My little two drive NAS offers snapshots and backups to a USB hard drive. Malware can pop the current time, but just cd-ing to a directory to "#snapshot" and fetching the files is nice.
4: Amazon Glacier offers vault locks that once set after 24 hours,

Re:

[mlts]

The ironic thing is that Windows servers have one of the easiest to use and most workable backup programs, wbadmin. From there, there is Veeam, and if one wants to stay in the MS ecosystem, there is MS DPM.

I would say part of the blame is that there is so much pressure to get stuff up and running, that stuff like security and backups fall to the wayside. For example, part of the cost in setting up a VMWare farm should be Veeam. However, backups tend to be ignored.

I'm sort of reminded of how people actual

Re:

[phantomfive]

Git was kind of designed (partly) to solve the backup problem......

BACKUPS PEOPLE!

[thedarb]

SERIOUSLY!

Re:

[JeffOwl]

For reasons that are all to obvious right now you are probably realizing that having that as your only backup is not a great idea. Sure, what you have is probably better than most, but if you really care about your data you need to periodically backup to something that isn't on-line whenever your computer is on.

Re:BACKUPS PEOPLE!

[zugmeister]

But... But... There was a backup! The files were on the laptop, and on the cloud (everything's safe and secure in the cloud, just ask a cloud services provider salesman), and on everyone else's computer that used that Dropbox account.

All snark aside, you wanna know what's really awesome? If just ONE computer that used that Dropbox account had good backups going, they could have restored the whole mess from there. Restore for only $500? They should have offered to take those scammers out to dinner as well.

Re: BACKUPS PEOPLE!

[Anonymous Coward]

Or, you know, use revision control that's built into Dropbox

Re:

[Anonymous Coward]

I can second this having actually used dropbox revision control to recover documents after they had become corrupted. Dropbox keeps a 30 day record of all your revisions by default even on the most basic plan. Now you can pay extra to get an infinitely long revision history.

Re:

[vlueboy]

Stories like this one have been pushing me to back up our thousands of photos before mother gets hit with some cryptoware and we lose it all (one of our neighbors lost it all when her kids got Cryptowalled).

I'm finally doing something about it, and was just sitting next to the PC watching Youtube to figure out what to do after installing the new 2TB internal drive. I have been scratching my head thinking of something that won't require Cygwin / rsync and will interact with Windows 7 backup files in case I

Re:

[NotAPK]

Crashplan.

It's not perfect, and I'm skeptical of the business behind the operation, but it allows any host to backup to any other host. On top of this it offers encryption, deduplication, and snapshots, though the free version limits you to a daily backup - though that's most enough for most needs.

Choose your most trusted host, add the 2TB drive to that computer, install Crashplan, configure the inbound backups and point the software at the external drive.

Now from the rest of the hosts, choose to backup to

Because the team had no backups of the crucial dat

[Anonymous Coward]

> Because the team had no backups of the crucial data ... Worth $2 Million

Idiots. Absolute morons.

What would happen if that laptop got stolen? Or dropped. Or rained on. Or run over? Or caught fire? Or corrupted. Or just plain files deleted by accident?

I have no sympathy for data loss when there was no backup. If it's not important enough to have a back-up, then it wasnt important.

Re:Because the team had no backups of the crucial

[Anonymous Coward]

They can only turn left. What do you expect?

Re:

[Imrik]

They would have restored the files from the Dropbox account, it's not that there were no backups, it's that the backups were updated to be encrypted as well.

Re:

[phantomfive]

Mirroring is not backup, not at all.

Re:

[phantomfive]

Yeah, they were lucky that these files only got encrypted, which means they could get them back.

This shows the need for Backups

[MpVpRb]

Computer hardware can, and will, fail..often at the worst possible time

Anybody who cares about their data should have backup. Multiple layers of backup, some offsite (I know I do)

Then, ransomware attack = hardware failure..annoying, but recoverable

I want that Job!!

[Anonymous Coward]

$2,000,000 / 1,500 = 1,333.33 Per Hour. That is CEO Money!!!

No Reverse Gear.

[zenlessyank]

So no backing up!!

And now they all run *nix.

[Anonymous Coward]

Like duh?

*facepalm*

[mentil]

crucial files worth nearly $2 million

would have taken 1,500 man-hours to replicate

the team had no backups of the crucial data

*facepalm*
I expect the ransomware market to explode in the near future as more stories like this come out. Expect self-aware malware that asks for more money if the data is more important.

Re:Real Source

[Anonymous Coward]

Forbes is based on this: http://www.cslfr95.com/news/?c... [cslfr95.com]

NASCAR: we R 2 dumb

[JustAnotherOldGuy]

"Because the team had no backups of the crucial data..."

(sigh) Seems like someone at the NASCAR IT department needs adult supervision.

Idiots...

[wbr1]

One.. no proper backup plan.

Two... dropbox keeps revisions. They didn't have to pay most likely.

*sigh*

[Gravis Zero]

With all these idiots paying out ransoms and nobody getting caught, I feel like I went into the wrong line of work! It's depressing how dumb people can be when it comes to computers.

They didn't face a "ransomware infection"

[gavron]

Let's face it. We can either help other people not end up like these people, or we can gloat.

In the interest of helping:
1. Install the anti-malware software BEFORE you get pwn3d. Sure, it won't help against zero-day exploits, but it will defeat the other 99%.

2. Don't user your critical data server as a web-browser or email client. Period.

3. Use a rolling OFFLINE backup strategy so you maintain multiple OFFLINE backups of your critical data so you can restore to yesterday, last week, two weeks ago, etc.

4

Re: They didn't face a "ransomware infection"

[pinkushun]

Translated into a well placed car analogy: Always have a backup car.

Will they learn?

[ebvwfbw]

Have to wonder, now do they backup their stuff? Then, how long will they do that if they are. 3 months, 9 mo, year... Then why bother. Whammo!