Dallas Getting Back Online After Recent Ransomware Attack | Dallas Observer

Dallas Is Getting Back Online After Last Week's Ransomware Attack

Dallas is still recovering from last week's ransomware attack.
The city of Dallas announced last Wednesday that it had fallen victim to a ransomware attack.
The city of Dallas announced last Wednesday that it had fallen victim to a ransomware attack. בר, CC BY-SA 3.0, via Wikimedia Commons
Share this:
The city of Dallas is still working to get all of its systems back online after a ransomware attack last week. The city reports steady progress: as of Monday, dallascityhall.com and dallaspolice.net are functioning again after the attack knocked them down for several days.

Ransomware is a kind of malware that locks people out of their own data and computers until they agree to pay a ransom.

The municipal court system is still down from the hack, so transactions due to the court will be accepted after the system is restored. People with a citation to pay or documents due to the court while the system is down will be given an extension without penalty.

No personal information has been leaked as a result of the attack, according to the city. If this changes, the city said it would reach out to people whose personal information may have been compromised. If anyone reaches out claiming to be with the city of Dallas asking for a payment or personal information, the city said to take down their name and number and report it to the city.

Calls to 911 and 311 are still being taken by phone and radio dispatch while the city’s computer-assisted dispatch systems are being tested to ensure they’re not still infected with malware. The city said in a statement Monday that the computer-assisted dispatch systems should be up and running again some time this week.

The attack is subject to an ongoing criminal investigation, preventing the city from saying much about it or whether a ransom will be paid. The city did say in a statement that it is exploring all options to remediate the hack. As for how it happened, the city pointed out that most common ransomware attacks target vulnerable systems with weak or default credentials, or use phishing to trick users into giving up their information for fraudulent purposes.

The city didn’t say exactly how many devices have been affected by the hack. But there are some 1,900 mobile devices shared between the Dallas Police Department (DPD) and Dallas-Fire Rescue (DFR) that are used for the computer-assisted dispatch systems, and all of those devices are down for testing. “As city staff and contractors review devices, ensure they are secure, and bring them online, computer assisted dispatch (CAD) functionality will increase for DPD, DFR and 311,” the city said in its statement.

“[Ransomware] can cripple a company, companies, industries, nations.” – Dan Cogdell, attorney

tweet this
The city experienced a separate network outage in April but said it had nothing to do with the ransomware attack. This outage was caused by hardware failures that led to interruptions in AT&T services to the city.

The group allegedly behind the attack, known as Royal, was responsible for the hack of the Dallas Central Appraisal District website in November 2022. That attack took the site down and interrupted services for 72 days.

The ransomware group is detailed in an advisory published by the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) in March. It said Royal has pulled off successful attacks across the country, demanding ransom payments from $1 million to $11 million to be made in Bitcoin.

Dan Cogdell, a partner with the law firm JonesWalker who specializes in white-collar criminal defense and has worked on a number of hacking cases over the years. “It’s potentially devastating,” Cogdell told the Observer, describing ransomware. “It can cripple a company, companies, industries, nations.” He said bank robbers rob banks because that’s where the money is. Ransomware attacks are no different, he said. “This is the new thing,” he said. “This is the wave of the future.”

In 2019, another ransomware group called REvil (also referred to as Sodinokibi) swiped data from 22 Texas municipalities, demanding $2.5 million. The group never got this payment, but kept pulling off hacks around the world. In 2021, two foreign nationals were charged for their involvement in deploying the attacks.

That attack didn’t affect Dallas. But another in 2021 did indirectly. That year, Ultimate Kronos Group, the human resources company that provides timekeeping services, told the city of Dallas that it had been the subject of a ransomware attack. The company provides timekeeping services for Dallas, so 2,411 of the city’s hourly employees were affected. Despite the hack, the city ensured that all those employees got their paychecks.
Can you help us continue to share our stories? Since the beginning, Dallas Observer has been defined as the free, independent voice of Dallas — and we'd like to keep it that way. Our members allow us to continue offering readers access to our incisive coverage of local news, food, and culture with no paywalls.