CURRY COUNTY, Ore. -- Curry County is still working to get their systems working normally again after an April 26 ransomware attack.Â
The county sent a news release on Thursday with updates on the progress officials have made.Â
"Our IT staff are working with computer experts to back up and recover our systems with assistance from Microsoft techs. We are making good progress every day, but it is a long, complex process," the release said. "We must essentially rebuild our network from the ground up and implement multi-facot authentication for all devices. A methodical approach with appropriate security measures is key to recover from this incident and prevent future occurrences."
Curry County's systems are down after data was stolen in a ransomware attack.
The real estate community has been impacted, the release said, because the county cannot file titles or other documents. They are also asking the public to confirm reservations, appointments and commitments because staff are still unable to access information stored in the systems.Â
"The ransomware attack affected the county computer system. We still do not have the ability to use our computer network or devices, including staff email," the release said. "We are asking the public to reach out to the county to confirm existing reservations, appointments and commitments as employees are unable (to) access calendars and contact lists."Â
In the release, the county also said that residents should keep an eye on their finances in case of fraud.Â
"We have heard concerns about the security of information like tax records and other data. There is still a lot we are learning about the impact of this incident. We will provide information when we know more," the release said. "In the meantime, experts suggest using a credit monitoring or similar application to watch for fraudulent activity."
911 has not been impacted, the release said. The county urged residents to call for help if needed, since the county is still capable of receiving 911 calls and dispatching emergency services.Â
The May 16 special election was also not affected, the county said, and votes were able to be counted and recorded as normal. The county worked with the Secretary of State Office before the election to ensure the systems were capable of counting votes correctly.Â
"The state and federal investigation continues," the release said. "Cyberattack investigations are complex and time-consuming. We are not the only organization to be targeted for a ransomware attack like this; the information gleaned from this investigation will help inform other investigations, and vice versa. Specific details about how the ransomware was introduced to our system and any demands for payment are not available for release at this stage in the investigation."
While the county is working to get systems restored back to normal as soon as possible, the release said, there is still no estimated time.
"Our leaders and staff thank everyone for their patience and support," the release said. "We are a resilient community and we will come out of this better and stronger."
For updates, visit the Curry County website, Curry County Government Facebook page or the Facebook page of county commissioner Brad Alcorn.Â
Below is the full news release.
The following is an update from the County Board of Commissioners on the work we are doing to recover from the full April 26 ransomware attack:
The ransomware attack affected the county computer system. We still do not have the ability to use our computer network or devices, including staff email. We are asking the public to reach out to the county to confirm existing reservations, appointments and commitments as employees are unable access calendars and contact lists.Â
Please know we are working to get our systems back online as quickly and safely as possible. At this time, we do not have an estimated time for service to be restored. Please contact us by phone or drop by in person so we can assist you.Â
Our IT staff are working with computer experts to back up and recover our systems with assistance from Microsoft techs. We are making good progress every day, but it is a long, complex process. We must essentially rebuild our network from the ground up and implement multi-factor authentication for all devices. A methodical approach with appropriate security measures is key to recover from this incident and prevent future occurrences.
We are pleased to report that the counting of votes for the May 16 election was not affected. We worked directly with the Secretary of State to ensure systems were intact prior to counting and reporting votes. Results are available here: https://results.oregonvotes.gov./.
Our emergency dispatch system is in service. While some non-essential computer functions were affected, we have remained capable of receiving 911 calls and dispatching emergency services. Do not hesitate to call for help when it is needed.Â
We have had an emergency operation center (EOC) in place since May 4 with emergency staff working directly with county leaders. The structure is similar to what we see during a major wildfire incident. In fact, most of the people currently staffing the EOC are from the Oregon Department of Forestry. Dozens of other personnel from other county, state and federal agencies have been involved. We are incredibly fortunate to have expert help as we work through this incident.Â
All our offices remain open for business, although there are some functions we cannot perform until our computers are restored. The local real estate community has seen a specific impact because the county is not able to file titles and other documents. We know it is frustrating to experience delays in the services we normally provide. If you have any questions, please contact us by phone or in person.
The state and federal investigation continues. Cyberattack investigations are complex and timeconsuming. We are not the only organization to be targeted for a ransomware attack like this; the information gleaned from this investigation will help inform other investigations, and vice versa. Specific details about how the ransomware was introduced to our system and any demands for payment are not available for release at this stage in the investigation.
We have heard concerns about the security of information like tax records and other data. There is still a lot we are learning about the impact of this incident. We will provide information when we learn more. In the meantime, experts suggest using a credit monitoring or similar application to watch for fradulent activity.
While incidents of this type move slowly, we are committed to keeping you informed. Commissioner Brad Alcorn has provided live video updates via Facebook. A link to the latest video is available on the Curry County Government Facebook page. Watch for more updates in the future. We will also post service outage updates on the Curry County website: https://www.co.curry.or.us/.
Our leaders and staff thank everyone for their patience and support. We are a resilient community and we will come out of this better and stronger. Please join us in thanking all the people who are working behind the scenes to help our community.
