Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Home Data Breach Rhysida Ransomware Group Leaks 1.3M Files Stolen from Oregon DEQ After Failed Extortion Attempt
Data Breach Data Leak Extortion Ransomware attack Ransomware group Ransomwares Rhysida Rhysida Ransomware Rhysida ransomware gang

Rhysida Ransomware Group Leaks 1.3M Files Stolen from Oregon DEQ After Failed Extortion Attempt

Rhysida ransomware group leaks 1.3M stolen files from Oregon DEQ after failed extortion attempt, affecting employees and state operations.
Friday, May 02, 2025

 

A major ransomware breach has rocked the Oregon Department of Environmental Quality (DEQ), with over 1.3 million files—amounting to 2.4 terabytes—dumped online by the cybercriminal group Rhysida. The stolen data, now circulating on the dark web, reportedly includes confidential information linked to DEQ employees. Whether personal data of Oregon residents outside the agency was compromised remains unconfirmed. DEQ first disclosed system disruptions on April 9, attributing them to a suspected cyberattack. 

The agency, responsible for regulating pollution, waste, air quality, and smog checks for vehicle registrations, had to suspend several core services as a result. An investigation into the breach is underway, but DEQ has not officially confirmed the volume or content of the compromised data. However, Rhysida’s own dark web site claimed responsibility, stating that it attempted to contact DEQ but was ignored. The group then released the data publicly, writing: “They think their data hasn’t been stolen. They’re sorely mistaken.” Before the leak, the group had placed a $2.5 million price tag—30 Bitcoins—on the files, offering them at auction to the highest bidder. 

By April 24, some of the stolen content had reportedly been sold, while the remaining files were made freely available for download. The breach has had serious operational consequences. For nearly a week following the attack, DEQ employees were locked out of their internal systems and email. Emails sent between April 9 and 11 were lost entirely. Vehicle emissions testing—a requirement for registrations in parts of Oregon—was halted across all non-DEQ testing locations, though some services resumed at DEQ-owned facilities on April 14. In a statement issued April 19, DEQ confirmed that employees were gradually regaining access to their work devices, moving from phones back to laptops. 

Despite the cyber disruption, spokesperson Lauren Wirtis said DEQ’s mission-critical services via its online platform DEQ Online remained operational and unaffected. Rhysida, an increasingly active ransomware gang, has previously attacked global organizations including the British Library, Chilean Army, and the Port of Seattle. Their tactics typically include data theft, extortion, and high-pressure ransom demands. 

Oregon’s Enterprise Information Services is leading the forensic investigation, alongside efforts to strengthen state cybersecurity systems. As of April 26, DEQ clarified that no ransom negotiations had occurred, and the timeline for completing the investigation remains uncertain.
Tags: Data Breach Data Leak Extortion Ransomware attack Ransomware group Ransomwares Rhysida Rhysida Ransomware Rhysida ransomware gang
Share it:

Data Breach

Data Leak

Extortion

Ransomware attack

Ransomware group

Ransomwares

Rhysida

Rhysida Ransomware

Rhysida ransomware gang