A new cyberattack controversy has erupted in Oregon as the Rhysida ransomware group claims responsibility for a major breach targeting the state’s Department of Environmental Quality (DEQ). The group alleges it has stolen an astonishing 2.5 terabytes of sensitive data—including employee records—just days after the agency publicly denied any signs of a breach.
The Oregon DEQ, which oversees the state’s air, land, and water quality, first reported a network incident on April 9. The department said it had to shut down its systems as a precaution, disrupting key services like email, help desk functions, and even emissions testing at vehicle inspection sites. Since then, the agency has been sharing daily updates—each insisting there’s no evidence to suggest a data breach had taken place.
However, that narrative is now being challenged. On Monday, Rhysida claimed on its dark web leak site that it carried out the attack and obtained massive troves of data from DEQ’s internal systems. To back up its claim, the hackers posted a low-resolution screenshot that they say proves their access to DEQ’s files. But due to the image quality, verifying the authenticity of the data remains difficult.
Rhysida has also issued a threat: unless a ransom is paid, they will auction off the stolen data next week. The price? A steep 30 bitcoin—roughly $2.5 million. While high-stakes ransom demands are common in ransomware attacks, experts doubt anyone would pay that amount for data stolen from a state environmental agency.
What makes the situation murkier is that the DEQ’s most recent public update, posted on April 15, neither confirms nor denies a breach has occurred. This silence leaves open the question of whether Rhysida’s claims hold weight—or if the group is bluffing.
Rhysida isn’t new to the ransomware scene. Over the past year, the group has claimed credit for several disruptive attacks, including cyber incidents at the Port of Seattle, the City of Columbus in Ohio, the Pennsylvania State Education Association, and multiple healthcare organizations across the U.S.
So far, there’s no clear indication whether the DEQ will negotiate or pay the ransom. But one thing is certain: ransomware attacks are escalating not just in frequency, but also in boldness. As state agencies remain prime targets, experts warn that swift detection, transparency, and stronger cyber defenses are now more critical than ever.
