Ransomware attack disrupts reporting process at Oregon Secretary of State

The Oregon Secretary of State is responding to a ransomware attack that disrupted the state’s online campaign finance reporting system on Sunday, May 9. It’s important to note here that the state was not the victim of the attack, and no sensitive data in the Secretary of State (SoS) systems has been exposed. The ransomware attack disrupted a service provider to the Oregon SoS. Or more accurately, the attack disrupted a service provider to a service provider to the Oregon SoS.

The campaign finance reporting system ORESTAR is a web application that state and local candidates and committees use to submit their reports. The login information for ORESTAR is housed in a database owned by campaign finance firm C&E Systems. C&E Systems uses Opus Interactive as a web hosting provider. Opus Interactive was the victim of a ransomware attack that disrupted its services and impacted the data in the C&E database. Because the login information of the ORESTAR application was compromised, the Oregon Secretary of State is reassuring the public that voter and election data have not been breached:

The Oregon Secretary of State has not been hacked. No sensitive data on our systems has been exposed. No systems related to elections administration have been compromised.

“None of our systems have been compromised,” said Chris Molin, Oregon Secretary of State Information Systems Division Director. “Out of an abundance of caution, we are taking steps to protect isolated users impacted by the attack, and communicating proactively about the issue to prevent confusion.”

Impact on operations across organizations

Perception and public trust are especially important right now because the Oregon primary election is on May 17. Because Oregon voters submit their ballots by mail or drop box, hundreds of thousands of ballots have already been returned.

The Oregon SoS office has already advised ORESTAR users on how to proceed with campaign finance reporting, and C&E Systems is operating manually and offline. The Opus Interactive status page reports that the company is still offline:

Update – We are currently unable to offer an ETA at this time, due to each restoration varying by size and workload complexity. However, we are continuing to do our best with our restoration work. Please check back to track our progress, as we continue to provide updates. We greatly appreciate your patience and understanding. Thank you.
May 12, 14:04 PDT

The Opus Interactive website is currently offline, but the company has issued this update on LinkedIn:

While C&E Systems performs its work manually, Ruby Receptionists has rebuilt its system on AWS and is returning to normal operations:

May 12 12:18 PT Outage Update:

Ruby is happy to report our reception services are back online from coast-to-coast and our Receptionists have been successfully answering calls for our customers since 7:05am PT.

Ransomware in an interconnected world

Ransomware doesn’t have to hit your systems to disrupt your operations. The Oregon SoS is fighting the perception of an election hack, C&E Systems is working without its database, and Ruby Receptionists was out of business for a couple of days before restoring its system on AWS. There is some chatter on Reddit about the extent of the damage to Opus Interactive, but not much information is available from the company.

This is a nightmare scenario for any company, and not all companies could survive.

Barracuda can help protect your organization from ransomware and other advanced threats. Visit www.barracuda.com for more information.
