Cyber Incident Victim: Linn County
Date: Jan 2022
Location: United States of America
Summary
A ransomware attack compromised multiple computer systems, prompting immediate shutdowns to contain the spread and causing widespread service disruptions including website inaccessibility. While critical departments like the Sheriff’s Office and Health Services remained unaffected, some Health Services systems were proactively taken offline. The county engaged state, federal, and private partners to restore operations, with no current evidence of compromised personal data. Public services remain limited, and departments are available via phone during recovery efforts.
Description
On January 24, 2022, at approximately 6:00 a.m., Linn County, Oregon, discovered a ransomware infection affecting multiple computer systems. The county's IT department responded by immediately shutting down all compromised systems to contain the attack and limit further spread of the malware. This containment action resulted in widespread service disruptions, including the takedown of Linn County's official website and the offline status of numerous internal systems. These outages impaired the county's ability to deliver standard services to residents, though critical emergency services remained operational. County officials confirmed the Linn County Sheriff’s Office systems were unaffected by the incident, maintaining normal law enforcement operations. The Health Services Department also avoided direct infection, though some of its systems were proactively disabled as a precautionary measure against potential malware propagation. Initial assessments indicated no evidence of unauthorized access to or exfiltration of public or employee personal data during the incident.

Linn County activated a coordinated response involving state and federal agencies alongside private cybersecurity resources to investigate the attack and restore systems. Departments established alternative communication channels, directing residents to contact offices via telephone during the outage. County officials prioritized transparency, issuing public statements through news releases while refraining from speculating about the attackers' identity or motives. Recovery efforts focused on methodically bringing systems back online without reactivating dormant malware. The county committed to providing additional updates as the situation evolved, maintaining operational continuity for essential services throughout the response. No ransom demands or specific threat actor claims were disclosed in the initial reporting period.
