Cyber Incident Victim: Yuba County
Date: Feb 2021
Location: United States of America
Summary
A ransomware attack targeted Yuba County, encrypting portions of its computer systems and demanding payment for decryption keys. The county refused to comply with the ransom demand, opting against payment to the attackers. The malware infection disrupted some operational systems, though specific service impacts were not detailed in available reports. County officials publicly confirmed the incident and their decision not to engage with the threat actors' financial demands. No data theft or leakage claims were associated with this attack in the disclosed information.
Description
On or around February 18, 2021, Yuba County experienced a ransomware cyber attack that compromised portions of its computer systems. The attackers deployed malware that encrypted files and infrastructure across affected county networks, rendering them inaccessible for normal operations. County spokesperson Russ Brown publicly confirmed the incident, characterizing it as a deliberate ransomware operation. The threat actors demanded payment from the county government in exchange for providing a decryption key necessary to restore the locked systems. Yuba County authorities did not disclose the specific entry vector used by the attackers or the exact number of systems compromised during the intrusion. The attack disrupted routine county administrative functions and service delivery mechanisms dependent on the encrypted infrastructure.

Yuba County officials refused to comply with the attackers' financial demands, maintaining a policy against ransom payments as confirmed by Brown. The county initiated response protocols to contain the malware's spread and assess the full scope of compromised systems, though specific technical containment measures were not detailed publicly. Recovery efforts focused on restoring operations without acquiring the decryption key through payment, implying reliance on backups or alternative restoration methods. The incident caused operational disruptions across unspecified county departments and services during the encryption and recovery phases. No evidence emerged suggesting citizen data theft or subsequent leakage by the attackers, with the primary impact confined to system availability rather than confirmed data exfiltration. County representatives continued investigating the attack's origins while working to fully reinstate affected systems in subsequent weeks.
