[RHYSIDA] – Ransomware Victim: Oregon Department of Environmental Quality

Ransomware Group: RHYSIDA

VICTIM NAME: Oregon Department of Environmental Quality

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the RHYSIDA Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the Oregon Department of Environmental Quality, a public sector organization based in the United States. The attack was discovered on April 15, 2025, and the compromise date is the same day. The incident was a significant data breach of over 2.5 terabytes of data, including sensitive information such as SQL databases and employee records. The target organization maintains approximately 17 employee accounts, and the breach has exposed their internal data to cybercriminals. The adversaries claim to have obtained this data and have publicly announced the breach, warning about the potential misuse of stolen information.

Threat actors from the group identified as “rhysida” are responsible for this attack. They have provided a URL linking to the leak site where the stolen data is hosted, although no specific download links or leak details are provided in the summary. The malicious actors report that they have acquired data from multiple third-party sources as well, further complicating the security landscape for the victim. The attack involved multiple types of info-stealer malware, including well-known tools such as Raccoon, RedLine, Lumma, and others, which contributed to the extensive data collection. A screenshot or visual evidence was not provided, but the aftermath suggests a serious compromise of sensitive government-related data. The breach underscores vulnerabilities within the organization’s cybersecurity defenses and raises concerns about potential future abuses or data misuse.

