The Department of Administrative Services (DAS) has retained an outside contractor to assist in a digital forensic investigation, following an April 9 cyber attack at the Oregon Department of Environmental Quality (DEQ).
“Investigation timelines can vary from a few weeks to a few months depending on the severity and complexity of a cyber incident,” Andrea Chiapella, DAS communications director, said. The department houses Enterprise Information Services, the state’s information technology division. It is not yet clear how long the investigation will run.
The cyber attack compromised the DEQ internal email system for several days, and temporarily halted vehicle inspections in Medford and Portland. State officials are not saying what data was taken or damaged, or what repairs to systems may be required.
“While the investigation is ongoing, we cannot provide any details,” Chiapella said via email. “Doing so would be premature or could give threat actors additional information that would further compromise the state of Oregon.”
News reports indicating the hacker group Rhysida claimed responsibility for the attack, and has demanded a ransom for the data taken, have been disputed by state officials.
“At this time no contact has been made with any group claiming responsibility for this cyber incident, nor has any ransom been demanded from DEQ or the state of Oregon,” Chiapella said. “Claims that have not been verified have been reported in the news media. It is critical we do not take unverified claims on the dark web or anywhere else as fact.”
DAS did not immediately respond to a question about whether the state has cybersecurity insurance.