May 29, 2022

Oregon county data leaked online by Conti

The Conti ransomware group has published all of the data it stole during a January cyberattack on the government servers of Linn County, Oregon.

Conti released nearly 1,500 documents Wednesday. Linn County officials said they chose not to pay a ransom after realizing that they had backups and determining that the data was not particularly sensitive.

Linn County Administrative Officer Darrin Lane said that the attack began on the morning of Jan. 24 and that the county’s IT team immediately began shutting down networks in order to limit the damage:

The attack did impact our Road Department servers and we did receive information from the attackers that they had downloaded data from a Road Department server. We were provided with what appeared to be a directory listing of the server and that enabled us to understand what data was taken.
Fortunately, we had robust backups of all affected servers and datasets.
No data of any consequence was lost and all systems were back up and running by the end of the week with most back within three days.

The county eventually realized that the attack was limited to two Active Directory domains. The attack brought down the government’s website, but several departments and offices were not affected, including the Sheriff’s Department and the Health Services Department.

After a consultant spoke with Conti operators, the county decided against paying the ransom because much of what was stolen was not sensitive data and "would likely be considered public records under Oregon Law," Lane said.

Conti also encrypted Costa Rican government data in an attack this month. The notorious ransomware group has threatened to delete encryption keys if the ransom is not paid within one week.