NASCAR Team’s Ransomware Attack Shows that Malware is a Danger to SMBs

More is at risk, right now, than sick patients. While hospitals have overwhelmingly been the target of ransomware attacks in the headlines—Methodist Hospital in Henderson, Kentucky, which got hit by Locky ransomware in March, plus three other California hospitals which got hit in that same month, and Hollywood Presbyterian hospital that got hit in February—the great majority of attacks don’t make the news. The fact that ransomware authors are targeting hospitals is deeply troubling, of course, but ransomware is also putting the culture of entrepreneurship at risk.

NASCAR is probably not something that you think about when you think about ransomware (what is ransomware?). A few people would probably be surprised to learn that NASCAR has anything to do with computers whatsoever. Racing teams do keep a library of complex technical information, however, which allows them to custom-tune their vehicles in order to provide as much speed, acceleration, and performance as possible. This information is their life’s blood.

Back in April, one team—Circle Sport-Leavine Family Racing—got hit by ransomware. The total value of information that got encrypted? Two million dollars.

As the linked article demonstrates, the racing team had literally zero antivirus protections. They were struck by a ransomware variant known as Teslacrypt, whose developers were actually shutting down their operations at the time. Although the team owners did pay a $500 ransom, they couldn’t figure out how to use the decryption key they were given, until they sought outside assistance. All of this isn’t to mock the individuals who were struck, of course—it’s to highlight the unique danger that ransomware poses to small businesses and startups.

How many startups and small businesses consist of roughly ten people with laptops, no designated IT personnel, and no standard antivirus controls? Probably a lot of them, at least in the initial phases of their existence. These businesses are usually formed around a single idea. Sometimes that idea is “what’s the best way to tune a car?” Sometimes, that business is a future Facebook, Apple, Google, or Amazon—which all got their start in a garage.

What if, just as Sergey Brin and Larry Page started to spin up the code for Google search, they’d found it all encrypted by ransomware? Would they have paid a $500 ransom? Did either of the founders have $500 at the time? Would we all still be using Ask Jeeves to search the internet? These may sound like abstruse questions, but one can’t dismiss the nagging concern that somewhere in the world right now, an entrepreneur with a great idea is grappling with the same set of issues.

Ransomware is a really dangerous problem, and it’s compounded by the fact that its authors aren’t limiting themselves to specific targets. Even though it looks like ransomware authors are going after hospitals, those are simply the examples that make the most headlines. Small businesses are the next most obvious target. Unlike hospitals, however, some of them simply won’t be able to pay up.

Do you run a small or medium business? Are you anxious to learn how to prevent your IP from being stolen or destroyed by criminals? Check out our white paper, “Ransomware is Here: What You Can Do About It,” and contact SentinelOne today.