NoEscape attacks Motorcycles of Charlotte and Greensboro

Incident Date:

October 24, 2023

World map



NoEscape attacks Motorcycles of Charlotte and Greensboro


Motorcycles of Charlotte and Greensboro




Charlotte, USA

North Carolina, USA

First Reported

October 24, 2023

NoEscape Ransomware Targets North Carolina Motorcycle Dealerships

The NoEscape ransomware gang has attacked Motorcycles of Charlotte and Greensboro. Motorcycles of Charlotte and Motorcycles of Greensboro are two separate motorcycle dealerships located in North Carolina, USA. Each dealership offers a wide range of motorcycles, accessories, parts, and services to motorcycle enthusiasts in their respective areas.

NoEscape posted Motorcycles of Charlotte and Greensboro to its data leak site on October 24th, threatening to publish 4GB of stolen data by November 2nd if the organization fails to pay an unspecified ransom. NoEscape – assessed to be a spinoff of the disbanded Avaddon gang - emerged in May of 2023 and operates as a Ransomware-as-a-Service (RaaS) and emerged with variants for targeting both Windows, Linux and VMware ESXi systems.

NoEscape's Rapid Rise

NoEscape provides affiliates with 24/7 technical support, communications, negotiation assistance, as well as an automated RaaS platform update feature. Having just recently emerged, NoEscape has rapidly become one of the more prolific attack groups, with attack volume escalating significantly in the second quarter of 2023.

It is unclear how high the typical NoEscape ransom demands tend to be, but it has been observed that profit sharing with affiliates is on par or even more attractive than other groups with ransoms over $3 million netting 90/10 split with affiliates taking the lion’s share.

Technical Details of NoEscape Ransomware

NoEscape is written in C++ and is relatively unique in the space in that the developers opted to build the RaaS platform from scratch rather than rely on code re-use from other ransomware variants. NoEscape ransomware payloads support multiple encryption options ranging from extra fast to extra strong encryption and leverages RSA and ChaCHA20 encryption algorithms with a single key for all impacted files for faster decryption of a ransom is paid.

NoEscape can operate in safe mode to bypass security tools, terminates processes, erases VSS shadow copies and system back-ups to thwart recovery efforts, and abuses Windows Restart Manager to circumvent processes not terminated. NoEscape operations target a wide array of industry verticals with a focus on Professional Services, Manufacturing, Information Technology, and Healthcare.

Affiliate Program and Double Extortion Schemes

NoEscape offers its RaaS platform to affiliate attackers and operations typically include data exfiltration or other actions to be leveraged in double extortion schemes such as a denial-of-service option for a hefty additional fee to the affiliate. NoEscape maintains a TOR-based leaks site to name-and-shame victims.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.