Dallas recovering from ransomware attack on city systems

The city of Dallas is working diligently to restore computers and data systems after a ransomware attack. The attack occurred last week and impacted several systems, leaving them inaccessible for several days. Among the affected systems were dallascityhall.com and dallaspolice.net; both are back online as of Monday.

Ransomware is a type of malware that locks people out of their own data and computers until they agree to pay a ransom. The city’s municipal court system is still down, but extensions without penalty will be given to people with a citation or documents due to the court while the system is being restored.

The city assures citizens that no personal information has been leaked, and they will inform anyone if that should change. Additionally, city officials warn against potential fraudsters who may reach out to citizens asking for a payment or personal information. Anyone receiving such a request should take down the person’s name and number and report it to the city.

911 and 311 calls are still being taken via phone and radio dispatch because the computer-assisted dispatch systems are being tested to ensure that they are free of malware. The city has stated that the computer-assisted dispatch systems should be up and running again early this week.

Although details of the ongoing criminal investigation in this matter are limited, the city is exploring all options to remediate the attack. The city pointed out that most common ransomware attacks target vulnerable systems with weak or default credentials, or use phishing to trick users into giving up their information for fraudulent purposes.

The total number of affected devices remains unclear, although some 1,900 mobile devices shared between the Dallas Police Department (DPD) and Dallas-Fire Rescue (DFR) are used for the computer-assisted dispatch systems and have been offline for testing. As city staff and contractors review devices, ensure they are secure, and bring them online, computer-assisted dispatch functionality will increase for DPD, DFR, and 311.

The group allegedly behind the attack is called Royal, and it was responsible for the Dallas Central Appraisal District website hack in November 2022. The ransomware group is detailed in an advisory published by the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) in March. It said that Royal has successfully pulled off attacks across the country, demanding ransom payments ranging from $1 million to $11 million in Bitcoin.

Dan Cogdell, a partner with the law firm JonesWalker who specializes in white-collar criminal defense and has worked on a number of hacking cases over the years, commented on the attack, saying, “It’s potentially devastating. It can cripple a company, companies, industries, nations.” He compared ransomware attacks to bank robberies, stating that robbers rob banks because that’s where the money is. Ransomware attacks are no different, he said, “This is the new thing. This is the wave of the future.”

In conclusion, Dallas is making steady progress in restoring its systems after a ransomware attack, maintaining that all options are being explored to remediate the situation. Ransomware attacks are continuing to be a growing concern globally and require well-developed and robust prevention processes to minimize their disastrous impacts.