
Ransomware attack disrupts Dallas police, city services

The city said fewer than 200 government devices were compromised by the Royal ransomware attack, though it's unclear if threat actors exfiltrated sensitive data.

The City of Dallas is working to restore key services disrupted by a ransomware attack that affected the police department, courts and other services.

On Wednesday afternoon, the city released a statement announcing a number of servers had been compromised by ransomware, disrupting "several functional areas," such as water utilities, court services and the Dallas Police Department's (DPD) website. The city said its security monitoring tools detected the activity and notified Dallas' security operations center that "a likely ransomware attack had been launched within our environment."

The City of Dallas said fewer than 200 devices were affected and that "911 calls continue to be received and dispatched." Despite technological disruptions, the city says that DPD and Dallas Fire-Rescue Department services to residents remain unaffected.

In an update Thursday morning, the city attributed the attack to the Royal ransomware gang. City Manager T.C. Broadnax also said in a statement that the attack was contained.

"Since City of Dallas' Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents," Broadnax said. "While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off. We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed."

Several media outlets, including CBS News Texas, had reported earlier this week that the Royal ransomware gang was behind the attack, based on a ransom note. The group claimed that it also stole sensitive data and threatened to publish it online.

Like many other ransomware gangs, Royal is known to exfiltrate large amounts of data prior to encrypting the targeted systems. The gang also uses intermittent encryption to avoid detection and infect systems faster. While it's likely that Royal threat actors exfiltrated data to further extort the city, there has been no confirmation that sensitive data was stolen from the city or that Royal made a specific ransom demand.

The city's Office of Communications, Outreach and Marketing declined to comment further.

Major cities in the United States have been hit by threat actors in the past, including Atlanta, Oakland and New Orleans. In May 2019, threat actors infiltrated Baltimore's city government network and used RobbinHood ransomware to encrypt critical servers.

While city officials refused to pay the ransom, government email systems and payment platforms remained offline for extended periods. City officials eventually allocated $6 million from a fund for parks and public facilities to pay for the impacts of the attack.

The full effects of the Dallas ransomware attack are unknown, but announcements on remediation are to come. The Dallas announcement states that DallasCityNews.net would be updated at least once a day while the city works "to assess the complete impact" and promises restoration of compromised machines in the name of public safety.
