Cyber Incident Victim: Silverstone Circuit
Date: Nov 2022
Location: United Kingdom
Summary
The Silverstone Circuit, a prominent UK motor racing venue hosting the British Grand Prix, experienced a ransomware attack claimed by the Royal ransomware gang. The group, described as relatively new but composed of experienced hackers previously affiliated with other ransomware operations, employs an encrypt-and-exfiltrate model using the .Royal file extension. Security analysts noted the ransomware's encryption is unbreakable and highlighted the gang's uncommon use of callback phishing campaigns. The incident prompted an investigation by the circuit's operators, though specific impacts on race operations or data exfiltration were not detailed in initial reports.
Description
On or around November 8, 2022, the Silverstone Circuit, a prominent United Kingdom motor racing venue and host of the British Grand Prix since 1950, became the target of a ransomware attack. The Royal ransomware gang publicly claimed responsibility for the incident on November 8 by listing Silverstone on its victim leak site. The British Racing Drivers' Club (BRDC), which operates the circuit, acknowledged the claim on November 9, confirming through a spokesperson that they were investigating the matter. While the specific intrusion methods remained undisclosed, cybersecurity analysts identified Royal as a relatively new ransomware operation employing an encrypt-and-exfiltrate model, where attackers both lock systems and steal data for extortion. The group's ransomware was characterized as "secure" by Emsisoft threat analyst Brett Callow, indicating its encryption could not be broken through technical means.

The Royal group, assessed by Recorded Future's Allan Liska to consist of experienced hackers likely affiliated with prior ransomware operations, distinguished itself through specific tactics. Unlike many contemporary ransomware groups that generate random file extensions during encryption, Royal consistently used the ".Royal" extension for compromised files. The group had also been observed earlier in 2022 utilizing callback phishing campaigns—a less common tactic among ransomware actors involving fraudulent calls to victims under false pretenses to deploy malware. Silverstone's investigation focused on determining the scope of encrypted systems, potential data exfiltration, and operational impacts, though no disruptions to scheduled racing events were publicly reported at the time. The circuit's prominence as a Formula One and motorcycle racing venue underscored the potential reputational and operational risks associated with the attack. Cybersecurity professionals noted the incident highlighted Royal's continued activity despite being a newer entrant in the ransomware landscape.
