Ransomware Attacks in CA

Attack Date Entity Location Entity Type Ransom Paid Amount Paid FOIA Req AV Before AV After
2021-05 Scripps Health Care San Diego, CA Medical Unknown $
2021-01 Granite Wellness Centers Grass Valley, CA Medical Unknown $
2020-10 City of Shafter Shafter, California Municipality Unknown $
2020-09 Newhall School District Santa Clarita, California Education Unknown $
2020-08 Selma School District Selma, California Education Unknown $
2020-08 Imperial Valley College Imperial Valley, California Education Unknown $
2020-06 University of California, San Francisco San Francisco, California Education Unknown $
2020-05 Francis Parker Schools San Diego, California Education Unknown $
2020-03 City of Torrance Torrance, California Municipality Unknown $ Symantec
2020-01 Mountain View Los Altos Union High School Mountain View, California Education Unknown $
2020-01 Contra Costa County Library Clayton, California Municipality Unknown $ SentinelOne SentinelOne
2019-12 Enloe Medical Center Chico, California Medical Unknown $
2019-12 Pittsburg High School Pittsburg, California Education Unknown $
2019-12 City of Seal Beach Seal Beach, California Municipality Unknown $
2019-12 Town of Galt Galt, California Municipality Unknown $
2019-10 San Bernardino City Unified School District San Bernardino, California Education $ Sophos Sophos
2019-09 Wood Ranch Medical Simi Valley, California Medical No $
2019-06 Marin Community Clinics Novato, California Medical Yes $ N/A
2019-04 City of Lodi City Lodi City, California Municipality No $ Kaspersky, Symantec
2019-04 Imperial County El Centro, California Municipality Unknown $ Yes Sophos Sophos
2019-04 Shingle Springs Health and Wellness Center Placerville, California Medical Unknown $ N/A
2018-12 Podiatric Offices of Bobby Yee Salinas, California Medical Unknown $ N/A
2018-09 Port of San Diego San Diego, California Municipality Unknown $ Yes Comodo Palo Alto
2018-09 Redwood Eye Care Vallejo, California Medical Unknown $ N/A
2018-07 Port of Long Beach Long Beach, California Other Unknown $ N/A Palo Alto Palo Alto
2018-02 Center for Orthopedic Specialists West Hills, California Medical Unknown $ N/A
2018-01 Sacramento Bee Sacramento, California Other No $ N/A
2017-12 Stanislaus County Modesto, California Municipality Unknown $ Yes
2017-11 Sacramento Regional Transit Sacramento, California Municipality No $ Yes Symantec Carbon Black
2017-11 Golden Optometrics West Covina, California Medical No $ N/A
2017-09 San Ysidro School District San Ysidro, California Education No $ Yes
2017-06 Pacific Alliance Medical Center Los Angeles, California Medical Unknown $ N/A
2017-06 KQED San Francisco San Francisco, California Other Unknown $ N/A
2017-01 Los Angeles Community College District Los Angeles, California Education Yes $28000 N/A McAfee
2016-11 Gurnick Academy San Mateo, California Education No $ N/A
2016-11 San Francisco Transportation Municipality Agency San Francisco, CA Municipality No $ Yes ESET ESET
2016-10 East Valley Community Health Center West Covina, California Medical No $ N/A
2016-09 City of Yuba City Yuba City, California Municipality No $ Yes Symantec Symantec
2016-08 Marin Medical Practice Concepts Novato, California Medical Yes $ N/A
2016-08 Yuba-Sutter Medical Clinic Yuba City, California Medical No $ N/A
2016-08 Keck Medical Center Los Angeles, California Medical No $ N/A
2016-07 Marin Healthcare District Greenbrae, California Medical Yes $ N/A
2016-03 Chino Valley Medical Center Chino, California Medical No $ N/A
2016-03 Desert Valley Hospital Victorville, California Medical No $ N/A
2016-03 Alvarado Hospital Medical Center San Diego, California Medical No $ N/A
2016-02 Hollywood Presbyterian Medical Center Los Angeles, California Medical Yes $17000 N/A
Yuba County Yuba City, CA Government No $
KHS Bicycles Rancho Dominguez, CA Business Unknown $
University of California Berkeley Berkeley, CA Education Unknown $
Kia Motors America Irvine, CA Business Unknown $
Hyundai Motor America El Monte, CA Business Unknown $
Stanford University Stanford, CA Education Unknown $
University of California Online Berkeley, CA Education Unknown $
Accellion Palo Alto, CA Business Unknown $
Codecov San Francisco, CA Business Unknown $

Prevent Ransomware Attacks in CA

Can ransomware attacks be stopped? Yes. Read more about the best ways to prevent hacking.

One of the best ways to stop a ransomware cyber attack or hacker intrusion is to have zero-trust
application allowlisting combined with a comprehensive endpoint security software solution.

Anti-Ransomware security solutions are installed on your endpoint devices including phones, tablets, laptops, workstations, servers and network systems.
Application control tools using a whitelist will block any malware or viruses from infecting your devices or information systems effectively keeping cybercriminals out.

Learn more about PC Matic Professional Business Security solutions at Endpoint Security to Prevent Ransomware or contact a PC Matic Cybersecurity Specialist.

How can I stop ransomware attacks?

Fight Back Against Ransomware with PC Matic

PC Matic protects all of your devices from modern security threats and cybercrime.

Get Help Now


Ransomware Prevention Best Practices

Maintain Critical Data and System Backups. IT administrators should maintain offline encrypted backups of data, operating system image, and software applications. The best type of backup to have in case of a ransomware attack is a "gold image" of critical systems so they can be rebuilt. A backup of the configured operating system (OS) and all associated software applications that can be deployed to rebuild the system will expedite ransomware recovery. In addition to system images, any applicable source code or executables should be readily available and stored offline with backups. The best cyber-resilient solutions combine information security with system redundancy.

Utilize Application Allowlisting. Application control, whitelisting or allow-listing is one of the most important prevention tools IT administrators can use to prevent ransomware. Use application directory allowlisting, also known as application allowlisting, on all IT assets including endpoint devices, IoT devices, servers and networks to ensure that only already authorized software can run, and all unknown or unauthorized software is blocked from executing. Automated Application Allowlisting from PC Matic makes keeping whitelists up-to-date effective and easy to do.

Ensure Antivirus Software and Anti-Malware Solutions are up to date. Turn on automatic updates for both antivirus and malware solutions. Software and hardware updates including security patch updates are another essential layer of protection against cyber-threats.

Create a Ransomware Response Checklist. Organizations should create a cyber incident response plan with specific steps to take including communications plan that include specific procedures and notifications in case of a ransomware cyber incident. IT professionals in charge of business continuity, cyber incident response, and disaster recovery plans should keep in mind that many ransomware scripts are written to seek out and delete any accessible backups. In some cases, backup files may have already been infected with malware scripts (precursor malware infections). For this reason, application allowlisting which prevents unknown or non-approved program files is an essential part of a cybersecurity plan for any organization.

Vulnerability Scanning. In addition to whitelisting application software and blacklisting antivirus endpoint security, conducting regular vulnerability scans and keeping software up to date is an important part of cyber-incident prevention.

Secure RDP and Device Authentication. Many ransomware incidents occur due to insecure or compromised remote desktop sessions. Using a secure RDP software program with device authentication allows IT administrators to know exactly who is on the network.

Main Ransomware Attack Vectors. Email Phishing, Vishing and Spear-Phishing, Internet Vulnerabilities, Zero-Day and Fileless Infections, Existing Malware Infections (Precursor), third-party MSP (Managed Service Providers), Pass-the-Hash (PTH) Attacks, Advanced Persistent Threats (APTs), and Server Misconfigurations are the principal attack paths cybercriminals use to propagate malware and ransomware in order to launch their attacks.

Implement an intrusion detection system (IDS). With an IDS, IT professionals can more easily detect "command and control" activity irregularities, and other potential malicious network activity that normally occurs prior to ransomware attacks. An effective IDS solution monitors the network, systems and endpoint devices for malicious activity or policy violations. Any intrusion activity or policy violation is reported enabling staff to take appropriate, protective action. PC Matic's System Performance Software is a Unified Performance Management solution helping monitor and maintain systems for optimal cyber-protection.

Use MFA, Multi-Factor Authentication. Institute a policy of using multi-factor authentication for users and apply the principle of "Least Privilege" and "Zero Trust Access" to all systems in the organization.

Employ Network Segmentation and Restrict PowerShell Use. Using Group Policy restrict the use of PowerShell only to specific users on a case-by-case basis. Use network segmentation to silo or insulate critical assets to minimize the impact of any cyber-intrusion, and to frustrate lateral movement by malicious threat actors on the network.

The Latest Ransomware Attacks

Recent Ransomware Attacks.
Twitch, Amazon's video streaming service, suffered a massive data breach of its internal code base which was exposed to the internet. The hackers accessed Twitch servers due to a server misconfiguration and leaked confidential company information and user data including payouts, IT security methods, SDKs, and its entire source code. The massive size of the breach comprising 125 GB of sensitive company data has the potential to affect most if not all of Twitch's user base. This incident demonstrates how important server security is to combat cyber threats. Learn more about server ransomware protection.

Accenture was one of the latest victims of a ransomware attack - hit by Lockbit with a ransom of $50 million. LockBit is a ransomware gang that leases its malicious software to cybercriminals who receive a portion of the ransom paid in exchange for compromising ransomware victim networks. Lockbit is increasingly soliciting disgruntled employees to entice them to download malware in exchange for a piece of the ransom.

T-Mobile. A data breach affecting more than 50 million T-Mobile customers has resulted in a class action lawsuit. The data hack was massive, exposing sensitive customer personal data including Social Security numbers, dates of birth, and driver's licenses.

Renner Brazil. Lojas Renner, Brazil's largest clothing chain store was the target of the first $1 billion ransom, the largest ransomware demand so far. The cyber-attack was conducted by the RansomExx gang, which gained unauthorized access to Renner's servers by way of a Brazilian IT managed services provider.

Memorial Health System. A Hive ransomware attack on Memorial Healthcare System's network allowed access to sensitive patient data and forced the hospital chain to postpone all urgent surgeries. Memorial Health's patients needed to be diverted to other healthcare facilities to receive care. Learn more about ransomware protection for hospitals.

Newest Ransomware Threats

Trickbot, Dridex, Qbot (QuakBot), IcedID, FiveHands, Maze, Egregor, Conti, REvil Sodinokibi, DoppelPaymer, Avo, Pysa, Snatch and NetWalker - are among the most recent ransom variants to be gaining in popularity. Emerging new threat actors include AvosLocker, Hive Ransomware, Karakurt and HelloKitty. Cybersecurity firms suggest these are the most dangerous emerging ransomware threat gangs to watch. Ransomware attacks have increased 65% Year-Over-Year from August 2020 to August 2021 with ransomware gangs Revil and Darkside having been particularly active launching almost 1/3 of the attacks.

Cybercriminals are increasingly exploiting application vulnerabilities to gain access and control of a network's application infrastructure to encrypt sensitive, valuable data.

Ransomware Group Threat Schemes continue to entice disenfranchised employees to deploy malicious scripts. In addition to Lockbit 2.0, Black Kingdom Ransomware is offering one million dollars, or 40% of a $2.5 million ransom as an enticement to employees who help deploy the ransomware known as DemonWare, either remotely or on premises. Insider cyber-threat schemes against corporations and their networks are expected to increase.

Microsoft Windows Tech Support Scam. Using email messages, hackers trick end-users into calling a fraudulent call center or downloading a malicious PDF file with the moniker BazaLoader which installs a backdoor on their computer for hacking into network systems. The malware gives a hacker hands-on-keyboard control of the victim computer leading to the installation of ransomware.

LockFile Windows Exchange Ransomware. LockFile encrypts Windows domains using the recently disclosed ProxyShell and PetitPotam vulnerabilities using unauthenticated, remote code execution to hack into and encrypt devices. (LockFile exploit by the Conti ransomware operation.)

Karma Ransomware Data Leak Cyber Threat. Karma ransomware data breach threatens to release exfiltrated, encrypted data to journalists and publish the data to their website if the ransom isn't paid.

Conti Ransomware is back on the rise again with a renewed FBI/CISA warning alert. Conti's latest victim includes a farm feed cooperative in Iowa that could adversely impact food prices in the near future. The Conti ransomware threat is usually effected through spearphishing or stolen RDP credentials. Read more ransomware alerts.

Ranzy Locker Ransomware FBI Warning Ranzy Locker is a RAAS (Ransomware As A Service) group that uses double extortion against its victims. Ranzy both exfiltrates critical data for extortion before encrypting it for ransom. API calls, system vulnerabilities, and other common ransomware gang TTPs (Tactics, Techniques, Procedures) are used to discover, exfiltrate, and encrypt the target's critical data files.

Sugar Ransomware as a Service. Sugar is a new ransomware variant available to hackers as an RaaS (Ransomware-as-a-Service). This new ransomware family targets personal computers rather than business networks but is just as dangerous as it can encrypt a machine's data and hold it for ransom.

Best Ransomware Protection for 2022

Under Ransom Attack? Get help from PC Matic Anti-Ransomware Solutions. PC Matic is the pioneer in implementing Whitelisting Technologies in small business and enterprise organizations, local and federal government agencies, K-12 schools districts, colleges, universities and educational institutions, hospitals and healthcare facilities, financial institutions, non-profits, critical infrastructure, and industry of all sizes. PC Matic has the best cybersecurity solution for combating ransomware with Application Allowlisting in dynamic and hybrid computing environments. Learn more about how to prevent ransomware attacks.

Secure Your Family’s Devices

Millions of families around the world trust PC Matic to protect their home devices.

Business & Government Security

PC Matic Pro provides security and device management for public and private organizations of any size.