PORTLAND, Ore. — A recent incident concerning cyber security at Oregon’s Department of Environmental Quality remains shrouded in mystery as the agency chooses to withhold certain information. Although a ransomware group has been suggested as a likely culprit of a recent breach, no confirmation has been made. The Oregonian/OregonLive shed light on the possible involvement of the hacker collective known as Rhysida, which is accused of extricating sensitive employee data during the intrusion. However, the agency has neither confirmed nor denied these allegations.
In a news release issued on Friday, the department made it clear that the unfolding investigation did engage with the claims circulated in the media but did not provide particulars about any contacts from Rhysida or demands for ransom payment. An agency spokesperson, Lauren Wirtis, emphasized that discussions regarding ransom have not been held with any party alleging they possess purloined information they’re attempting to trade. Further specifics are promised once a thorough validation of facts is completed.
The disruption, first acknowledged around two weeks ago, significantly affected the department’s functions, particularly impacting critical services like vehicle emissions testing and internal email systems. Recovery efforts have seen most servers restored to operational status. A majority of personnel now work on laptops instead of phones, showing progress since many employees faced challenges without laptops just last week.
As a security measure, a full overhaul of computer systems and servers is underway to eliminate any remnants of the cyber range interference. The department committed to rebuilding potentially compromised machinery to ensure complete safety from infected files before resuming full operations.
Rhysida’s name has surfaced in other notable cyberattack incidents over recent years, with their previous targets including significant institutions such as the Seattle-Tacoma International Airport operator and the municipal systems of Columbus, Ohio. The insinuation of their involvement adds weight to an unsettling pattern of digital assaults carried out by this group supposedly aimed at extracting sensitive information.