Around 2:30 p.m. Wednesday, the city said in a statement that it had likely fallen victim to a ransomware attack and that it was trying to isolate the attack and determine its scale. The next morning, the city said in a statement that a ransomware group called Royal was behind the attack and that the Information and Technology Services Department was working around the clock to contain it.
Despite these efforts, 311 service requests have been delayed, the courts are closed with all cases to be reset and Dallas Water Utilities isn’t able to process payments. The city’s code compliance services department is also seeing delayed responses and is unable to process single-family and multi-tenant registrations. If you’re planning a garage sale, the city said you’ll have to get your permit in-person at 3112 Canton St. until permitting services are back online.
The city also can’t receive applications or payments for development services, permitting, public works or zoning, and said permits across the departments can’t be issued at all at the moment. Dallas Animal Services is still responding to injury and emergency calls, but other requests for service may be delayed by the hack.
“While the source of the outage is still under investigation, I am optimistic that the risk is contained." – Dallas City Manager T.C. Broadnaxtweet this
“Since city of Dallas’ Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents,” Dallas City Manager T.C. Broadnax said in a statement Thursday. “While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off.”
Even with all of these disruptions, the city said the Dallas City Council elections this weekend won't be affected by the cyber attack.
While calls for service are still being dispatched, Dallas Police Chief Eddie Garcia said the hack has “significantly impacted” the department’s operations, and some more automated tasks are now having to be done manually, according to The Dallas Morning News. The police department’s website is also unavailable.
Dallas Fire-Rescue is going through something similar, relying on manual dispatching and radio communication until all of its systems are back online. Friday morning, Jim McDade, president of the Dallas Fire Fighters Association, told the Observer that operations were still being done manually by DFR and there was no update on when things would return to normal.
The ransomware group Royal was also behind the attack that took down the Dallas Central Appraisal District website last November, interrupting services for 72 days. The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) put out an advisory on the group in March this year, warning that it had pulled off attacks in the U.S. and abroad, its targets ranging from manufacturing to healthcare organizations.
After Royal gains access to a system, it uses a custom-made file encryption program to lock the system until a ransom is paid, according to the intelligence agencies’ breakdown of the group. Royal has been pulling off these attacks since at least last September, demanding payments in Bitcoin ranging from $1 million to $11 million.
The city of Dallas is posting regular updates about its response to the attack at dallascitynews.net while the rest of its websites are down.