Hackers release millions of files after Oregon DEQ cyberattack Jefferson Public Radio

pA ransomware group has released over a million files that the group says it stole from the Oregon Department of Environmental Quality The files appear to include sensitive information about DEQ employeesppIts not clear if private vehicle registration data or other information related to Oregonians who dont work at DEQ was also stolenppDEQ announced earlier this month that it had to freeze most of its services after a potential cyberattack The state agency regulates air quality toxins waste and pollution It also runs vehicle smog inspections that are required for driver registrations in the Portland and Medford areasppAn agency spokesperson didnt confirm on Thursday how much data was stolen noting only that an investigation was ongoingppBut by the time of that OPB interview a wellknown and advanced ransomware group called Rhysida had already released 13 million files amounting to 24 terabytes on the dark web a part of the internet thats only accessible through special softwareppWe tried to contact them but they chose to ignore us Rhysidas website read Thursday And now their files have been releasedppPrior to the data release Rhysida claimed the files were worth 30 Bitcoins which would be worth about 25 million The hacker group set the clock for a weeklong auction where bidders could name their price for exclusive unique and impressive datappBy Wednesday Rhysidas site indicated a portion of DEQs files had been auctioned off to data buyers The rest was available for anyone to download from the dark webppRhysida has targeted multiple organizations in recent years including the British Library medical facilities and the Chilean Army The group also hacked into computer servers run by the Port of Seattle in a breach affecting 90000 peopleppDEQ first announced it was experiencing a potential cyberattack on April 9 The agency shut down most of its services and programs For the rest of that week DEQ posted daily updates denying that there had been a data breachppDuring that time employees didnt have access to their internal network files or email inboxes Any emails sent to staff between April 9 and 11 were never received and need to be sent again Some permitting and public engagement processes were also put on holdppDEQ also paused vehicle emissions testing which is required for driver registrations in the Portland and Medford areas Oregon drivers also couldnt get their vehicles tested at gas stations mechanics or other businesses that offer the service or at stateoperated locations As of Friday the system that allows businesses to offer emissions testing remained down but testing has been available at DEQs own testing sites since April 14ppIt wasnt until April 15 that DEQ staff said the incident was an unexpected cyber attack rather than a potential attack The following day an online tech news website SecurityWeek reported that Rhysida had claimed responsibility for the data breach and was giving the agency a week to respond That was the most information that had so far become available to Oregonians about the nature of the attackppBy April 17 last Thursday DEQ officials said its employees didnt have laptops and were working from their phones On Friday DEQ said hundreds of its employees were working on laptopsppDuring Thursdays interview with OPB DEQ spokesperson Lauren Wirtis noted that information stored on the agencys new online portal DEQ Online was not affected DEQ has moved most of its air land and water quality permitting programs to this portalppSo in terms of DEQ carrying out its mission to protect air land and water in the state of Oregon that is something that we have continued to uphold during this time Wirtis saidppEnterprise Information Services under the Oregon Department of Administrative Services is investigating the cyberattackppThe state cybersecurity services is enhancing cyber defense measures to protect DEQ assets and other state enterprise networks in conjunction with the agency services recovery Wirtis said in an emailed statement Fridayp