Oregon agency’s sensitive data published to dark web, ransomware group claims

A ransomware group released millions of files they said were stolen from Oregon Department of Environmental Quality, Oregon Public Radio reported Friday.

The outlet reports that Rhysida, the ransomware group that claimed responsibility for a April 9 cyberattack that forced DEQ officials to pause most of services, including vehicle emissions testing, published 1.3 million files, roughly 2.4 terabytes of data, to the dark web. The files appear to contain sensitive employee information.

“We tried to contact them, but they chose to ignore us,” a message posted to Rhysida’s website last Thursday read. “And now their files have been released.”

Lauren Wirtis, an agency spokesperson, provided little additional information.

“DEQ is aware of these claims and they are under investigation,” Wirtis wrote in an email.

The department, which regulates air quality, announced this month it had been the victim of a potential cyberattack, but denied that there had been a data breach.

“At this time there is no evidence of a data breach,” the department’s April 10 update read.

Department employees were forced to work from their phones and were unable to receive emails April 9-11.

The department last week announced it had enlisted a data forensics team to investigate the incident, but stopped short of admitting any data had been stolen.

“We will provide more information when we have verified information. We have not engaged in ‘ransom’ or payment discussions with the attacker, or with any entity claiming to have information stolen from DEQ for sale,” the Friday post read.

The announcement also stated that DEQ services for the public had been restored.