Home > Security > Security News

City of Santa Paula Hit by Ransomware Attack Claimed by Qilin, Government Services Disrupted

Published on November 28, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
City Hall – Santa Paula - Ransomware - California Map
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google

Key Takeaways

The City of Santa Paula, California, is grappling with the aftermath of a significant cyber incident, reportedly carried out by the notorious Qilin ransomware group. The city first announced it was "currently experiencing a network outage affecting email and internal servers" on November 12. 

While the cause was initially unconfirmed by officials, the threat actor has since claimed the city as a victim. 

Details of the Cyberattack on Santa Paula

The U.S. city’s initial statement confirmed a widespread government network outage that severely hampered internal communications and access to essential digital infrastructure.

Qilin claims another government entity
Qilin claims another government entity | Source: FalconFeeds on X

The full scope of the breach and the specific data potentially compromised have not yet been disclosed by city officials.

The Qilin ransomware group, known for its double-extortion tactics, usually exfiltrates sensitive information with the threat of public release if a ransom is not paid.

Response to the Santa Paula Ransomware Attack

The response from the City of Santa Paula will be critical in mitigating the damage. Restoring encrypted systems from backups, investigating the extent of data exfiltration, and securing the network against further intrusion are complex and resource-intensive processes. 

This cyberattack on Santa Paula highlights the persistent threat that ransomware poses to public sector entities, which often manage sensitive information and provide essential community services.

The threat actor targeted the City of Sugar Land in October, when it also continued to target health organizations, such as the Shamir Medical Center in Israel and MedImpact. Qilin Ransomware's attack methods recently evolved to include leveraging VPN credentials exposed on the dark web. 

Add a Comment
Related
Rockstar Games Data Breach Reportedly Leaked Analytics via Prior Anodot Security Incident
Basic-Fit Data Breach Exposes 1 Million Member Records, Impacting at Least 200,000 Customers in the Netherlands
Booking.com Data Breach Exposes Sensitive Customer Information
Canis C2 Surveillance Framework Exposed API Discovered Targeting Japan
Main Suspect in €6 Million Swedish Bank Scam with At Least 25 Victims Extradited from the US to Sweden
8 Tech Giants' CSAM Reporting Deficiencies Investigated Following NCMEC Documented Findings
Most Popular
Rockstar Games Data Breach Reportedly Leaked Analytics via Prior Anodot Security Incident
Telegram Rolls Out Anti-Censorship Update as CEO Urges Russians to Use Multiple VPNs
Telegram Rolls Out Anti-Censorship Update as CEO Urges Russians to Use Multiple VPNs
Basic-Fit Data Breach Exposes 1 Million Member Records, Impacting at Least 200,000 Customers in the Netherlands
Booking.com Data Breach Exposes Sensitive Customer Information
Surfshark Unveils ‘Dausos,’ a New VPN Protocol Built for Use
Surfshark Introduces ‘Dausos’ - A New VPN Protocol Focused on Speed and Security
NordVPN UI changes remove P2P category in latest update
NordVPN Removes Dedicated P2P Servers, Confirms Support Shift
Rockstar Games Data Breach Reportedly Leaked Analytics via Prior Anodot Security Incident
Telegram Rolls Out Anti-Censorship Update as CEO Urges Russians to Use Multiple VPNs
Basic-Fit Data Breach Exposes 1 Million Member Records, Impacting at Least 200,000 Customers in the Netherlands
Booking.com Data Breach Exposes Sensitive Customer Information
Surfshark Introduces ‘Dausos’ - A New VPN Protocol Focused on Speed and Security
NordVPN Removes Dedicated P2P Servers, Confirms Support Shift

Most Popular
Rockstar Games Data Breach Reportedly Leaked Analytics via Prior Anodot Security Incident
Telegram Rolls Out Anti-Censorship Update as CEO Urges Russians to Use Multiple VPNs
Telegram Rolls Out Anti-Censorship Update as CEO Urges Russians to Use Multiple VPNs
Basic-Fit Data Breach Exposes 1 Million Member Records, Impacting at Least 200,000 Customers in the Netherlands
Booking.com Data Breach Exposes Sensitive Customer Information
Surfshark Unveils ‘Dausos,’ a New VPN Protocol Built for Use
Surfshark Introduces ‘Dausos’ - A New VPN Protocol Focused on Speed and Security
NordVPN UI changes remove P2P category in latest update
NordVPN Removes Dedicated P2P Servers, Confirms Support Shift
Rockstar Games Data Breach Reportedly Leaked Analytics via Prior Anodot Security Incident
Telegram Rolls Out Anti-Censorship Update as CEO Urges Russians to Use Multiple VPNs
Basic-Fit Data Breach Exposes 1 Million Member Records, Impacting at Least 200,000 Customers in the Netherlands
Booking.com Data Breach Exposes Sensitive Customer Information
Surfshark Introduces ‘Dausos’ - A New VPN Protocol Focused on Speed and Security
NordVPN Removes Dedicated P2P Servers, Confirms Support Shift

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: