Rhysida Ransomware Group Leaks 1.3M Files Stolen from Oregon DEQ After Failed Extortion Attempt

A major ransomware breach has rocked the Oregon Department of Environmental Quality (DEQ), with over 1.3 million files—amounting to 2.4 terabytes—dumped online by the cybercriminal group Rhysida. The stolen data, now circulating on the dark web, reportedly includes confidential information linked to DEQ employees. Whether personal data of Oregon residents outside the agency was compromised remains unconfirmed.

DEQ first disclosed system disruptions on April 9, attributing them to a suspected cyberattack. 

The agency, responsible for regulating pollution, waste, air quality, and smog checks for vehicle registrations, had to suspend several core services as a result.

An investigation into the breach is underway, but DEQ has not officially confirmed the volume or content of the compromised data. However, Rhysida’s own dark web site claimed responsibility, stating that it attempted to contact DEQ but was ignored. The group then released the data publicly, writing: “They think their data hasn’t been stolen. They’re sorely mistaken.”

Before the leak, the group had placed a $2.5 million price tag—30 Bitcoins—on the files, offering them at auction to the highest bidder. 

By April 24, some of the stolen content had reportedly been sold, while the remaining files were made freely available for download.

The breach has had serious operational consequences. For nearly a week following the attack, DEQ employees were locked out of their internal systems and email. Emails sent between April 9 and 11 were lost entirely. Vehicle emissi

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.