Slashdot Mirror


NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million (softpedia.com)

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.

58 comments

  1. Hey, dummies by Anonymous Coward · · Score: 0

    Ever hear of revision control and backups?

    1. Re:Hey, dummies by Man+On+Pink+Corner · · Score: 2, Insightful

      Or Dropbox's "packrat" option? Yeah, good luck encrypting that.

    2. Re:Hey, dummies by mlts · · Score: 1

      There are many ransomware-resistant solutions:

      1: Pull backups. NetBackup, Veeam, and many others come to mind.
      2: EMC Isilons offer SmartLock functionality that can be set to prevent deletion for everyone but root on the physical Isilon console.
      3: My little two drive NAS offers snapshots and backups to a USB hard drive. Malware can pop the current time, but just cd-ing to a directory to "#snapshot" and fetching the files is nice.
      4: Amazon Glacier offers vault locks that once set after 24 hours, cannot be removed, even by the AWS owner. Set a WORM policy of 30-180 days, daily backups to that, call it done.
      5: Good old fashioned tape drives. WORM cartridges are not expensive, although the drive unit is pretty pricy.

      Is it the norm these days for backups to not be done, or do people assume that RAID constitutes backups?

    3. Re:Hey, dummies by Anonymous Coward · · Score: 0

      In my experience, Windows sysadmins are usually fucking idiots. Some are good, but most are overpaid to craft bizarre, insecure, systems. I swear, the worse they are the more money they make. For example, granting Everyone read/write permissions (essentially chmod 777) on an entire web application directory to solve permission issues instead of just adding write permissions to the IIS user on the single directory that needs to be written to. Or creating convoluted AD rules that don't cascade without interfering with each other. Or disabling the filtering ASP.NET does by default to screen out XSS attacks by rejecting POST requests that contain HTML markup instead of having the application itself fixed in the one spot that needs to accept HTML markup (which it shouldn't do - it should be using markdown or something, but one step at a time). Not to mention using short, simple, passwords for sql users that access DBs that are accessible from the internet (instead of being on a VPN or even having a whitelist of IPs to accept connections from).

      I've seen Windows admins DISABLE THE ENTIRE FIREWALL on a server because they don't want to take the time to manage a list of exceptions (or, even scarier, don't know how to do it or that it's even possible). Or even funnier say you don't need an antivirus on a Windows server because nobody is browsing shady sites on it. I guess worms didn't make it out of the 90s.

      The fact they had no backup strategy does not shock me. It's fucking terrifying.

    4. Re:Hey, dummies by phantomfive · · Score: 2

      Git was kind of designed (partly) to solve the backup problem......

      --
      "First they came for the slanderers and I said nothing."

    5. Re:Hey, dummies by mlts · · Score: 1

      The ironic thing is that Windows servers have one of the easiest to use and most workable backup programs, wbadmin. From there, there is Veeam, and if one wants to stay in the MS ecosystem, there is MS DPM.

      I would say part of the blame is that there is so much pressure to get stuff up and running, that stuff like security and backups fall to the wayside. For example, part of the cost in setting up a VMWare farm should be Veeam. However, backups tend to be ignored.

      I'm sort of reminded of how people actually started practicing security when MS-DOS viruses started not just erasing hard disks, but zapping BIOS firmware and throwing monitors bogus refresh rates in order to have them fry. When hardware started getting destroyed, people started paying attention. I wonder how long it will take for the same thing to happen, once ransomware starts taking advantage of user permissions on the domain/tree/forest level and spreading via AD.

  2. BACKUPS PEOPLE! by thedarb · · Score: 4, Insightful

    SERIOUSLY!

    --
    This sig intentionally left blank.

    1. Re:BACKUPS PEOPLE! by Anonymous Coward · · Score: 0

      But, my backup is always linked with PC itself, exactly so the backup gets synced... So if I get infected, the backup also gets infected.

    2. Re:BACKUPS PEOPLE! by Anonymous Coward · · Score: 0

      > But, my backup is always linked with PC itself, exactly so the backup gets synced... So if I get infected, the backup also gets infected.

      Too bad this ransomware doesn't run on Linux or *BSD. So all together, you're another satisfied Microsoft customer?

    3. Re:BACKUPS PEOPLE! by zugmeister · · Score: 4, Insightful

      But... But... There was a backup! The files were on the laptop, and on the cloud (everything's safe and secure in the cloud, just ask a cloud services provider salesman), and on everyone else's computer that used that Dropbox account.

      All snark aside, you wanna know what's really awesome? If just ONE computer that used that Dropbox account had good backups going, they could have restored the whole mess from there. Restore for only $500? They should have offered to take those scammers out to dinner as well.

    4. Re: BACKUPS PEOPLE! by Anonymous Coward · · Score: 0

      But this one does, "linux.encoder"

    5. Re: BACKUPS PEOPLE! by Anonymous Coward · · Score: 4, Insightful

      Or, you know, use revision control that's built into Dropbox

    6. Re:BACKUPS PEOPLE! by vlueboy · · Score: 1

      Stories like this one have been pushing me to back up our thousands of photos before mother gets hit with some cryptoware and we lose it all (one of our neighbors lost it all when her kids got Cryptowalled).

      I'm finally doing something about it, and was just sitting next to the PC watching YouTube to figure out what to do after installing the new 2TB internal drive. I have been scratching my head thinking of something that won't require Cygwin / rsync and will interact with Windows 7 backup files in case I need to use Linux. Since I did pay for my Ultimate upgrade, I'm planning to use it exclusively if push comes to shove, so I'm this close to just sticking the disk in and forgetting about Linux compat. I might just buy a separate disk and do SystemRescueCD images later, if need be, but my experience says that leads to needless duplication, and I haven't found filesystem agnostic deduplication in OSS.

      Thanks

    7. Re: BACKUPS PEOPLE! by Anonymous Coward · · Score: 1

      I can second this, having actually used Dropbox revision control to recover documents after they had become corrupted. Dropbox keeps a 30 day record of all your revisions by default even on the most basic plan. Now you can pay extra to get an infinitely long revision history.

    8. Re:BACKUPS PEOPLE! by NotAPK · · Score: 1

      Crashplan.

      It's not perfect, and I'm skeptical of the business behind the operation, but it allows any host to backup to any other host. On top of this it offers encryption, deduplication, and snapshots, though the free version limits you to a daily backup - though that's most enough for most needs.

      Choose your most trusted host, add the 2TB drive to that computer, install Crashplan, configure the inbound backups and point the software at the external drive.

      Now from the rest of the hosts, choose to backup to the trusted host.

      This may not do 100% of what you want, but I'd recommend looking into it. With some massaging you should be able to get what you want. The best feature is teaming up with a friend: let them backup to your house, and you backup to theirs. Simple.

    9. Re:BACKUPS PEOPLE! by JeffOwl · · Score: 1

      For reasons that are all too obvious right now you are probably realizing that having that as your only backup is not a great idea. Sure, what you have is probably better than most, but if you really care about your data you need to periodically backup to something that isn't on-line whenever your computer is on.

    10. Re:BACKUPS PEOPLE! by Anonymous Coward · · Score: 0

      Then it's not a backup, is it? You've replicated the data, but you have not backed it up.

  3. Oh Yay by Anonymous Coward · · Score: 0

    More softpedia spam. It's slashdot's new newscientist.

  4. Because the team had no backups of the crucial dat by Anonymous Coward · · Score: 1

    > Because the team had no backups of the crucial data ... Worth $2 Million

    Idiots. Absolute morons.

    What would happen if that laptop got stolen? Or dropped. Or rained on. Or run over? Or caught fire? Or corrupted. Or just plain files deleted by accident?

    I have no sympathy for data loss when there was no backup. If it's not important enough to have a back-up, then it wasn't important.

  5. Re:Because the team had no backups of the crucial by Anonymous Coward · · Score: 5, Funny

    They can only turn left. What do you expect?

  6. Now for a real news source by Anonymous Coward · · Score: 0

    Regurgitating regurgitated old news is getting nauseatingly old.

  7. This shows the need for Backups by MpVpRb · · Score: 1

    Computer hardware can, and will, fail..often at the worst possible time

    Anybody who cares about their data should have backup. Multiple layers of backup, some offsite (I know I do)

    Then, ransomware attack = hardware failure..annoying, but recoverable

  8. I want that Job!! by Anonymous Coward · · Score: 1

    $2,000,000 / 1,500 = 1,333.33 Per Hour. That is CEO Money!!!

    1. Re: I want that Job!! by Anonymous Coward · · Score: 0

      I'm glad I'm not the only one who noticed this!

    2. Re:I want that Job!! by Anonymous Coward · · Score: 0

      > $2,000,000 / 1,500 = 1,333.33 Per Hour. That is CEO Money!!!

      Not quite. They may have a team of employees, and they may be renting equipment, or budgeting the computer time.

    3. Re:I want that Job!! by Anonymous Coward · · Score: 0

      1,500 Man Hours So that covers any team.
      So what is 1500 Hours of Computer time?
      or even 37.5 weeks.

    4. Re:I want that Job!! by Anonymous Coward · · Score: 0

      I have a friend who builds race motors for among other things, NASCAR. This sort of hourly rate is pretty typical in the motorsport engineering industry.

      While he does quite well, it's important to remember that it is his client rate that is about that. That has to cover the cost of his CNC toolroom, his downtime, building customer relations, travel and marketing, etc.

      For every hour you pay a skilled contractor for, there may be 10 hours of overhead they are building into the price.

      I have a rate of about $300/h, depending on how I need to bid to win work, and about 4:1 overheads, meaning I'm putting in 3 unpaid hours for every billed hour. This time goes into system and lab maintenance, study, equipment acquisitions and last but not always least, faking it; doing unpaid hours to finish a job that I massively fucked up the quoting on.

  9. No Reverse Gear. by zenlessyank · · Score: 5, Funny

    So no backing up!!

  10. And now they all run *nix. by Anonymous Coward · · Score: 1

    Like duh?

  11. *facepalm* by mentil · · Score: 1

    > crucial files worth nearly $2 million

    > would have taken 1,500 man-hours to replicate

    > the team had no backups of the crucial data

    *facepalm*
    I expect the ransomware market to explode in the near future as more stories like this come out. Expect self-aware malware that asks for more money if the data is more important.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.

    1. Re:*facepalm* by Anonymous Coward · · Score: 0

      Riddle me this....

      Given the absolutely dismal record of this racing team, how could they possibly have $2M in crucial files? Forget the NASCAR Moron aspect, just how are they funded, and why, and why were they picked out? My guess is that financial records are the ones they were most worried about, and not Pep Boys parts cross-references.
      (Sponsorship is provided primarily by two non-profit "Christian" businesses, Thrivent Financial and K-Love...)

    2. Re:*facepalm* by Anonymous Coward · · Score: 0

      They probably weren't "picked out." The normal vector for crypto ransomware is massive spam blasts. Mr. Crew Chief got a random email from some guy in outer fuckistan, opened it up, and ran the attachment.

  12. Re:Real Source by Anonymous Coward · · Score: 1

    Forbes is based on this: http://www.cslfr95.com/news/?c...

  13. Re:Because the team had no backups of the crucial by Anonymous Coward · · Score: 0

    Giving money to criminals as payment for their criminal activity is supposed to be illegal. Maybe if there was more prosecution people would get the message.

    Oh wait . . . this is NASCAR. Never mind.

  14. NASCAR: we R 2 dumb by JustAnotherOldGuy · · Score: 4, Insightful

    "Because the team had no backups of the crucial data..."

    (sigh) Seems like someone at the NASCAR IT department needs adult supervision.

    --
    Just cruising through this digital world at 33 1/3 rpm...

    1. Re:NASCAR: we R 2 dumb by Anonymous Coward · · Score: 0

      Or management needs to give them time and budget for backups.

    2. Re:NASCAR: we R 2 dumb by Anonymous Coward · · Score: 0

      It's only $2 million. A $200 hard drive would have eaten into their profits.

    3. Re:NASCAR: we R 2 dumb by Anonymous Coward · · Score: 0

      The summary implies that it was a racing team, not NASCAR itself. NASCAR makes the rules, but I guess there's lots of tweaking you can do within the rules, hence the $2 million investment in simulations, which yeah, should really be backed up; but it sounds like a problem at that individual team, not NASCAR.

    4. Re:NASCAR: we R 2 dumb by Anonymous Coward · · Score: 0

      Nascar has got nothing to do with this story.

  15. Idiots... by wbr1 · · Score: 1

    One.. no proper backup plan.

    Two... Dropbox keeps revisions. They didn't have to pay most likely.

    --
    Silence is a state of mime.

  16. *sigh* by Gravis+Zero · · Score: 1

    With all these idiots paying out ransoms and nobody getting caught, I feel like I went into the wrong line of work! It's depressing how dumb people can be when it comes to computers.

    --
    Anons need not reply. Questions end with a question mark.

  17. They didn't face a "ransomware infection" by gavron · · Score: 1

    Let's face it. We can either help other people not end up like these people, or we can gloat.

    In the interest of helping:
    1. Install the anti-malware software BEFORE you get pwn3d. Sure, it won't help against zero-day exploits, but it will defeat the other 99%.

    2. Don't use your critical data server as a web-browser or email client. Period.

    3. Use a rolling OFFLINE backup strategy so you maintain multiple OFFLINE backups of your critical data so you can restore to yesterday, last week, two weeks ago, etc.

    4. Use a revision control system (RCS) so that when 150,000 files change, instead of checking in the changed files it freezes things and alerts you.

    5. The number one mistake: Overconfidence, ego, and hubris. If you're a NASCAR team and can afford a guy to check tire temperatures at every pit stop, for FUCK'S SAKE HIRE AN IT GUY to set up your simulation server... instead of having it be on some idiot's laptop who surfs the web and gets infected. Sure, we don't want to blame the victim, but see points 1-4 above. This is exactly the same as every hospital that gets infected... every police department that gets infected... etc. The same incompetence, lack of understanding of the problem, lack of mitigation, and finally the ego.

    Ehud Gavron
    Tucson AZ
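
Point 4 of the comment above (freeze and alert when a large share of files changes at once, instead of checking them in or syncing them), as an added example that is not part of the original comment or of any product named in this thread. The function names, the 20% change threshold, the 7.5 bits/byte entropy cut-off and the sample files are all assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256 hex, entropy) for each file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            manifest[os.path.relpath(full, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return manifest

def check_before_sync(before, after, max_ratio=0.2, high_entropy=7.5) -> dict:
    """Compare two manifests and say whether syncing should be frozen."""
    # Touched = hash changed or file gone (a rename looks like delete + create).
    touched = sorted(p for p in before if after.get(p, (None,))[0] != before[p][0])
    # New or rewritten files whose content now looks random.
    scrambled = sorted(p for p, (digest, ent) in after.items()
                       if before.get(p, (None,))[0] != digest and ent >= high_entropy)
    ratio = len(touched) / len(before) if before else 0.0
    freeze = ratio > max_ratio
    return {"freeze": freeze, "ratio": ratio, "touched": touched,
            "likely_encrypted": freeze and len(scrambled) * 2 >= len(touched)}

def demo() -> tuple:
    """Constructed sample data: ten small text files in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"setup_{i}.txt"), "w") as fh:
                fh.write(f"spring rate {i}\n" * 200)
        baseline = snapshot(root)
        # Ordinary work: one file edited, sync should proceed.
        with open(os.path.join(root, "setup_0.txt"), "a") as fh:
            fh.write("ride height 3.5\n")
        normal = check_before_sync(baseline, snapshot(root))
        # Test fixture for a mass rewrite: eight files replaced by random bytes
        # under a new name, which is what the tripwire has to catch.
        for i in range(1, 9):
            old = os.path.join(root, f"setup_{i}.txt")
            with open(old + ".locked", "wb") as fh:
                fh.write(os.urandom(4096))
            os.remove(old)
        mass = check_before_sync(baseline, snapshot(root))
    return normal, mass

if __name__ == "__main__":
    for label, result in zip(("normal edit", "mass rewrite"), demo()):
        print(label, result["freeze"], round(result["ratio"], 2), result["likely_encrypted"])
```

The baseline manifest has to be stored somewhere the monitored machine cannot overwrite, otherwise the comparison is made against data that has already been tampered with.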

    1. Re: They didn't face a "ransomware infection" by pinkushun · · Score: 1

      Translated into a well placed car analogy: Always have a backup car.

    2. Re:They didn't face a "ransomware infection" by Anonymous Coward · · Score: 0

      This is a low budget team. They are scraping by as it is.

      It's no excuse, but half of the cars you see on the track on Sunday struggle to survive from week to week. If it is a choice between an IT guy and a tire changer, which one do you think they will choose?

  18. Makes complete sense by Anonymous Coward · · Score: 0

    Come on, the files are only worth $2 mil. I mean honestly, I won't lift a finger to make sure my files are safe unless I'm dealing with at least a quarter bil.

    Also, this is a NASCAR team we're talking about. They have other priorities to think about, like practising left turns.

  19. Re: Because the team had no backups of the crucial by Anonymous Coward · · Score: 0

    They're not ambiturners [magnum face]

  20. so $2 million? really!!!! by Anonymous Coward · · Score: 0

    I don't get what's worth 2 million bucks. Is it just some number that justifies paying the ransom? Why not $5 million, or $2.356 million? Was the simulation run on the laptop? Seems like this would be a waste of time. Was the laptop online for 1500 hours? If not was there a SaaS provider that ran the simulation? Looks to me like someone got caught justifying the payment and needed to make it look like a necessity rather than foolishness.

  21. Only 500 bucks? by Anonymous Coward · · Score: 0

    Isn't that pocket change to the real NASCAR owners?

  22. Backup, what's that? by Anonymous Coward · · Score: 0

    It's clear even people with valuable files never bother to back up their files properly. They probably assumed DropBox was enough of a backup and so any kind of local backup was not needed.

  23. SNAPSHOTS PEOPLE! by Anonymous Coward · · Score: 0

    SERIOUSLY!

    Even simpler: snapshots.

    What modern file server does not support these? Take daily/nightly snapshots of all your shares/exports, keep them around for a week or so, and you can roll-back fairly quickly.

    Of course backups (def: a coherent copy of data on independent media) are a must as well, but this is solved much more simply and quickly.

  24. Re:Because the team had no backups of the crucial by Imrik · · Score: 1

    They would have restored the files from the Dropbox account, it's not that there were no backups, it's that the backups were updated to be encrypted as well.

  25. Re:Because the team had no backups of the crucial by phantomfive · · Score: 2

    Yeah, they were lucky that these files only got encrypted, which means they could get them back.

    --
    "First they came for the slanderers and I said nothing."

  26. Re:Because the team had no backups of the crucial by phantomfive · · Score: 1

    Mirroring is not backup, not at all.

    --
    "First they came for the slanderers and I said nothing."

  27. WINDOWS PEOPLE! by Anonymous Coward · · Score: 0

    Neither the article nor the links mentioned the fact that this ransomware, TeslaCrypt, only affects WINDOWS. SERIOUSLY!

  28. Will they learn? by ebvwfbw · · Score: 1

    Have to wonder, now do they back up their stuff? Then, how long will they do that if they are. 3 months, 9 mo, year... Then why bother. Whammo!