NoEscape ransomware group claims major cyber attack on California's City of Victorville

The City of Victorville in the US state of California said it suffered a significant cyber attack that compromised the sensitive personal information of its residents.

In a data incident notification, City officials said that the City recently identified suspicious activities in its internal network and launched an investigation with assistance from third party cyber security experts to understand the nature and scope of the incident.

“The investigation found that, between August 12, 2023, and September 26, 2023, an unauthorised actor gained access to certain files within our network containing some personal information,” the notice reads.

The compromised information includes names, Social Security numbers, driver’s license numbers,  state identification card numbers, medical information, and health insurance policy numbers.

In a post shared on Facebook on 26 September, the City said, “We are experiencing technical issues, and our #cityofvv website and phone services are temporarily unavailable. This impacts our online bill pay site and online form submittals. No late fees or utility shutoffs will be assessed while the system is down.

“We apologise for the inconvenience as we work to resolve these issues. If you need assistance, we have set up a number of temporary service lines to receive all inquiries. We will post again when our services are up and running.”

In another Facebook post published on 4 October, the City confirmed that while its phone lines and website have been restored, several other web based applications are still under maintenance.

The relatively-unknown NoEscape ransomware group has reportedly claimed responsibility for the cyber attack on the City of Victorville and listed the latter as a victim on its data leak site. The group claims to be in possession of around 200 gigabytes of confidential data and is willing to publish the same unless its demands are met.

“If you guys in the City Council continue to remain silent, we are ready to destroy your network! In addition, we will create problems for you that you don’t even suspect because we are ready to publish here not only 200GB of data,” the group said.

 

In February, the City of Modesto in California also experienced a cyber attack that affected portions of its computer systems.

“Upon discovering the incident, we promptly took action to secure the network, commenced an investigation, and a third-party cybersecurity firm was engaged to assist. During the course of the investigation, the City learned that some data was accessed during the incident between January 31, 2023, and February 3, 2023,” the City’s data incident notification read.

The City’s internal investigation revealed that the files accessed by threat actors contained sensitive personal information including names, addresses, Social Security numbers, medical information included in work status reports, driver’s license numbers, and/or state-issued identification numbers.

The notorious Snatch ransomware group claimed responsibility for the cyber attack on the City but did not share how much data was exfiltrated from the City’s internal systems.