The City of Dallas, Texas, confirmed a ransomware attack that impacted several internal IT systems and public-facing websites.
“Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment.”
The ninth-largest city in the United States said vendors were working to restore impacted services. Meanwhile, most local government departments resorted to manual systems to avoid disrupting essential services such as police dispatch and emergency response.
Dallas ransomware attack disrupts city services
City officials “confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website.”
However, the city assured the public that its security teams were “actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted.”
While most online services remained inaccessible, the city said it was still trying to assess the impact of the ransomware attack.
The Dallas Police Department resorted to manual 911 call dispatch systems instead of the regular computer-assisted dispatch system. However, Dallas Police Chief Eddie Garcia assured residents that the ransomware attack would not hamper police response, adding that public safety was a top priority.
“We want to ensure the public even with these internal difficulties, police response continues across the city,” Garcia said. “Regardless of the uphill battles, our men and women will always answer calls for service.”
Dallas Fire Rescue website was affected, but the city assured residents that emergency response services would not be affected.
The ransomware attack also affected the city municipal court systems, postponing some jury trials. Additionally, Dallas Water Utilities services could not process online payments, but the city promised to keep the taps running until the issue was resolved. And the Dallas Public Library website also crashed, forcing staff to use the manual lending system.
Many public-facing services provided temporary web pages or directed users to social media pages to keep services running and update residents.
The FBI has acknowledged the ransomware attack and reportedly formed a task force to investigate the incident.
Since January 2022, at least 152 ransomware attacks, including 11 in Texas alone, have devastated various government agencies and learning institutions, according to Comparitech.
“Local government offices continue to be a target for ransomware groups, as we’ve seen for the past couple of years,” said Roy Akerman, Co-Founder & CEO of Rezonate. “For the most part, their infrastructure is outdated, their controls are not tuned, and therefore, in the case of a compromise, the impact is greater than it should be, resulting in a complete disruption of operations.”
Royal cyber gang claims responsibility for Dallas ransomware attack
Royal ransomware gang has claimed responsibility for the City of Dallas attack. Numerous sources reported that the City of Dallas’ printers started churning out the group’s ransom notes.
However, the amount demanded was still a secret, and neither the city nor the group openly discussed the proposed settlement.
Cybersecurity experts believe Royal ransomware is an offshoot of the defunct Conti ransomware that wrapped up operations on May 19, 2022.
On March 2, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory about the Royal ransomware gang targeting organizations with a custom encryption program.
The alert stated that the threat actor disables antivirus programs and exfiltrates large amounts of data after gaining access before encrypting devices.
CISA noted that Royal ransomware demands between $1 million to $11 million in Bitcoin and does not often indicate the amount on the ransom note.
“Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education,” CISA said.
Royal ransomware has struck Texas twice in less than six months, having compromised the Dallas Central Appraisal District in November 2022 and receiving $170,000 in ransom payment. Cyber experts concluded that the threat actor gained access after phishing employees.
“Many times, ransomware and other cyberattacks are the result of phishing, so we recommend all organizations, as well as individuals, utilize a password manager and strong, unique passwords to stop attacks on the frontline,” said Darren Guccione, CEO and Co-Founder at Keeper Security.