Jessica Cejnar Andrews / Wednesday, May 17, 2023 @ 5 p.m.
Despite Having to 'Start Over' After Last Month's Cyber Attack, Curry County Government is 'Continuing,' Brad Alcorn Says
Curry County has activated its emergency operations center and is rebuilding its networks following a cyber attack last month that left officials and staff unable to access data systems, internal documents and email.
In an update to the community Wednesday on the “Curry County Cyber Incident” via Facebook live, Commissioner Brad Alcorn said email is still down, but “our government is continuing.” The county held its first budget committee meeting Monday and is planning on another.
The Board of Commissioners also met Wednesday. Alcorn said a recording of that meeting should be available via YouTube shortly.
Alcorn also directed residents to the Oregon Secretary of State’s website for the results of Tuesday’s special district election, saying the county had a better-than-expected 27.4 percent voter turnout.
“This is devastating — I’m not going to lie,” Alcorn said of the ransomware attack. “But we could be sitting here going, ‘Oh my God, I can’t believe this happened, how are we going to proceed?’ We’re not doing that at all. In fact, the message I’m giving everybody is, ‘This happened, we’re going ot deal with it, we’re going to build a better bigger faster system that’s going to serve our community more efficiently.’”
Curry County offices began having trouble accessing internal documents on April 26 and found that its server network was “generally inaccessible,” according to a May 5 news release. County officials stated that the servers were impacted by a cyber attack attributed to the Royal Ransomware Group, according to the release.
On Wednesday, Alcorn said Curry County isn’t Royal Ransomware Group’s only victim.
“There are other victims across the nation of this group and we have a very large and complex ongoing criminal investigation being conducted right now,” he said from the county’s EOC. “I’m not able to answer questions about the amount of the ransom or whether we’re going to pay or specifics related to that right now. I will eventually, but at this point, the investigation is active and ongoing.”
At this point, Curry County is completely rebuilding its network, which includes implementing multi-factor authentication and working with vendors to load new software and other technology, Alcorn said.
He said the county is doing this through the emergency operations center using the same command structure as it would during an earthquake or other disaster.
The incident commander is Eric Perkins, who works one of Oregon Department of Forestry’s incident management teams. Perkins said he’s been on the incident management team for 13 years, starting as a section chief.
In addition to ODF other agencies helping Curry County rebuild its networks include Klamath, Lane, Josephine and Coos counties, the Information Technology Disaster Resource Center, the Oregon Department of Transportation, Oregon Health Authority, University of Oregon and the Oregon Emergency Management Agency, said Monica Ward, Curry County’s emergency management director.
Curry County has also received help from Microsoft and the Cyber Security and Infrastructure Security Agency, Ward said.
“Since May 4, we’ve had 42 people rotate through here in Curry County,” Ward said. “Our request for aid last week has been heard and our neighbors are trying to help us.”
Even though email is still unavailable, Curry County residents can reach staff and elected officials via phone, Alcorn said. He also thanked his colleagues, John Herzog and Jay Trost, as well as other elected officials who are “working flawlessly together.”
“No one is being contentious,” Alcorn said. “In fact, this is my fifth month as your commissioner… We’re all working together toward this common goal. We are functioning as an efficient form of government right now.”