A ransomware group claims to have stolen a significant amount of files from a regulatory agency in Oregon after the organization said it had no evidence of a data breach.
The Oregon Department of Environmental Quality (DEQ) is the regulatory agency in charge of the quality of air, land and water in the state. The organization revealed on April 9 that it had launched an investigation into a cyberattack that forced it to shut down networks as part of containment efforts.
The DEQ has been issuing updates every day since, and several of the updates pointed out that the agency had found no evidence of a data breach.
The incident disrupted email and help desk services, as well as vehicle inspection stations. The agency said its environmental data management system is hosted on a separate server and has not been impacted.
After the regulator’s repeated denials about suffering a data breach, the notorious Rhysida ransomware group took credit for the attack on Monday, claiming to have stolen 2.5 Tb of files, including employee data.
A screenshot posted by the hackers is meant to demonstrate their claims, but the image’s low resolution makes it difficult to verify that the information indeed comes from the DEQ.
The cybercriminals claim that unless the agency pays a ransom, the stolen data will be put up for auction early next week.
The price listed on the hackers’ Tor-based leak website is 30 bitcoin ($2.5 million), but it’s unlikely that anyone would pay such a large amount for data stolen from the systems of a state agency such as the DEQ.
It’s unclear if the organization’s investigation has in the meantime confirmed a data breach. Its latest update, issued on April 15, neither confirms nor denies a data breach.
The Rhysida ransomware group has taken credit for several high-impact hacks over the past year, including attacks aimed at the Port of Seattle, the City of Columbus in Ohio, the Pennsylvania State Education Association, and several healthcare organizations in the United States.
Related: Kidney Dialysis Services Provider DaVita Hit by Ransomware
Related: Conduent Says Names, Social Security Numbers Stolen in Cyberattack
Related: 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
Related: Operations of Sensor Giant Sensata Disrupted by Ransomware Attack