Curry County computer system ‘starting from scratch’ after ransomware attack

By Jane Vaughan (Jefferson Public Radio)
May 15, 2023 11:45 p.m.

The Southern Oregon county is struggling to function after a ransomware attack left it unable to access any of its digital information.

Curry County does not have access to any of its online files, including email.


“Everything that relates to county operations that was online is now gone. So our computers have to be completely wiped clean, and everything’s got to start over,” Curry County Commissioner Brad Alcorn said. “Our network has to start over. Our servers have to start over. We are essentially starting from scratch.”

“You couldn’t plug your computer into a printer and print a document right now,” he said.

The county first learned of the attack on April 26 when a sheriff’s dispatch noticed that county information was inaccessible and encrypted.

The county still has control over Tuesday’s election and over 911 dispatch calls. But Alcorn said the attack has affected every other part of county government operations.

“Let’s say that you’re buying a house, and you have your interest rate loan locked, and you’re about to close on your mortgage agreement. We can’t record that right now. If you’re selling the house, we can’t record the sale of your home. If you’re trying to get a marriage license, it’s not going to happen right now,” he said.

Alcorn said addressing the problem will cost the residents of Curry County millions of dollars to reload computer programs and rebuild the local network.

An emergency operations center has been set up in the Curry County Courthouse to address the recent ransomware attack.

An emergency operations center has been set up in the Curry County Courthouse to address the recent ransomware attack.

Courtesy of Courthouses.Co

The county was targeted by Royal ransomware. Royal later asked for ransom money to get access to the information; Alcorn declined to share the amount that was requested.

The county is collaborating with state police, the FBI and the Department of Homeland Security in an ongoing investigation into the attack.

According to the Office of Information Security and the Health Sector Cybersecurity Coordination Center, Royal ransomware attacks have recently increased across the globe, primarily targeting the U.S.

It has been reported that this group also attacked the city of Dallas, Texas, in early May. Federal security agencies recently released a cybersecurity advisory about Royal to help protect organizations from ransomware.

The group often uses phishing emails to gain access to online systems. Alcorn declined to describe how Royal gained access to Curry County’s system.

Alcorn said he is trying to be transparent about what the county has faced to make sure the community is better prepared for future attacks.

“We as a state are very set up for, you know, flooding, for earthquake, for fires, for those types of natural disasters, but we are definitely behind the curve in a cyber attack like this,” he said. “I don’t think other counties [in Oregon] have suffered an attack of this magnitude.”

Curry County Commissioners declared a state of emergency on May 5 as a result of the attack. The county has set up an emergency operations center in the courthouse to address the problem. Since the attack, the county has been coordinating with a variety of groups to rebuild the county’s servers and get the county government get back up and running online.

Alcorn said the county has not seen any evidence of identity theft or personal information being compromised.