---

---

After working through Memorial Day weekend, emergency workers from across the state have got Curry County’s network back on its feet.

But the county’s taking baby steps, bringing some of its smaller departments back on line and using them as test cases to ensure the network is stable and secure, Commissioner Brad Alcorn told the Wild Rivers Outpost on Tuesday.

“We just started doing that this morning,” he said, adding that the county’s Juvenile Department was one of the first to be added to the network. “We have to be careful about how we do that. You don’t just hand somebody a computer and say, ‘Here you go,’ and you log in and go to work. There are a lot of authentications that have to take place and you have to accept various programs and navigate some of that stuff.”

Curry County officials found that its server network was “generally inaccessible” on April 26. County officials stated the servers were attacked by the Royal ransomware group, according to a May 5 news release.

The attack forced Curry County to completely rebuild its network. On May 4, the county activated its emergency operations center. Since then the county has received aid from multiple agencies, including the Oregon Department of Forestry, the Cyber Security and Infrastructure Security Agency and the Information Technology Disaster Resource Center.

Microsoft techs are also working with Curry County, according to a May 25 news release.

“We must essentially rebuild our network from the ground up and implement multi-factor authentication for all devices,” the county stated. “A methodical approach with appropriate security measures is key to recover from this incident and prevent future occurrences.”

Staff from Yumatilla County will be helping out in Curry County on Wednesday along with some new staff from Lane County.

The Department of Homeland Security and the FBI continue to spearhead the criminal investigation into the ransomware attack, Alcorn said.

“It’s still an open and ongoing case,” he said.

In a May 17 statement he posted to Facebook, Alcorn said he couldn’t speak to the ransom Curry County received or whether the county would pay it.

On Tuesday, in addition to taking it slow, starting with adding a handful of employees in a few departments to the network so the system doesn’t overload, Curry County has implemented a new IT policy.

Alcorn said “it’s more current and fits today’s cyber security needs more efficiently.”

“We communicated with other counties to see what their protocols are and we talked with state experts to develop a policy and we rolled that out today as well,” he said. “This is a policy we’ll be modifying regularly because in this world, the environment of cyber security changes frequently.”

As Curry County continues to recover, Alcorn said other communities are watching adn asking for information. He said he would be speaking with a representative of Baker County’s IT staff about the incident.

“Other jurisdictions are learning from what happened with us — what we were doing right; what we were doing wrong and how we can strengthen each other’s security network,” he said. “I would imagine when this happens again, we’ll probably be calling and asking what happened so we get even stronger.”

Royal ransomware group has been responsible for attacks against other communities, including Dallas, Texas.

County offices are still open for business, though there are functions staff can’t perform until their computers are restored, according to the news release. This includes the online database of deeds and records.

County staff urge folks to call (541) 247-3295 or come by the office if they need a copy of a deed or another document.

---

SHARE →