Ransomware Attackers Threaten Release of Dallas Data | Dallas Observer

Ransomware Attackers Threaten Release of Dallas Data

The group behind the cyber attack against Dallas claimed it will soon release data stolen from the city unless paid a ransom.
The hacker group behind the ransomware attack, Royal, has some members in Russia.
The hacker group behind the ransomware attack, Royal, has some members in Russia. B_A, CC0, via Wikimedia Commons
Share this:
The city of Dallas has been working to get all of its services back online after suffering a ransomware attack about three weeks ago. To date, no city of Dallas resident or employee’s personal data has been compromised or leaked, city officials say. But that could change soon, according to an alleged message from the hackers themselves.

CBS journalist J.D. Miles first reported on the message Friday, posting a screenshot of it on Twitter. “‘There is still no indication that data from residents, vendors, or employees has been leaked,”’ the message said, quoting a city of Dallas statement from earlier this week.

“So, we are going to indicate that the data will be leaked soon. We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, [Social Security Numbers], passports), detailed court cases, prisons, medical information, clients’ information and thousands of thousands of governmental documents.”

The message was originally posted on the hacker group’s website, and screenshots of it are making the rounds on social media.

The group behind the hack, called Royal, also took down the Dallas Central Appraisal District website for weeks after a separate attack in November. The most recent attack against Dallas began on May 3, and the city has been working to fully restore services ever since. 

“So, we are going to indicate that the data will be leaked soon." – Royal, ransomware group

tweet this
The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) put together a report on the ransomware group in March. The group is responsible for numerous attacks to critical infrastructure, including manufacturing, communications and health care. Most of their attacks start with phishing emails, according to the report. The group demands a ransom to be paid in Bitcoin in amounts ranging from $1 million to $11 million.

Some social media users took the message as confirmation that Royal was behind the attack. The city of Dallas issued a statement about the message Friday afternoon, saying officials were aware of the post.

"The city of Dallas is aware of a post from what appears to be the Royal ransomware group threatening to release city data," the statement said. "We continue to monitor the situation and maintain there is no evidence or indication that data has been compromised. Measures to protect data are in place."

The Dallas County District Attorney’s Office issued a statement about the attack the day before the hackers' message was posted.

In the statement, Claire Crouch, a spokesperson for the DA’s office, said the office is working with the city and Dallas Police Department to make sure criminal cases were still being filed and processed in accordance with the law.

“The DA’s Office has worked collaboratively with Dallas Police to implement contingency measures to mitigate the impact of the ransomware attack,” Crouch said in the statement. “To ensure the continuity of justice, we have established alternative communication channels to facilitate seamless coordination and information sharing while maintaining the security and safety of the DA’s Office’s computer systems.”

She added, “We anticipate that the longer this goes on the greater chance for obligations on the DA’s part will be affected.”

Scott Palmer with Dallas law firm Scott H. Palmer PC said he wasn’t aware of any of his cases being affected by the hack. But The Dallas Morning News reported early Friday morning that the Dallas Police Department is having trouble accessing some of its physical and digital evidence as a result of the ransomware attack. This has started to disrupt some trials, defense lawyers told the News.

The latest estimate is that it could take weeks or even months for city services to be fully restored.
Can you help us continue to share our stories? Since the beginning, Dallas Observer has been defined as the free, independent voice of Dallas — and we'd like to keep it that way. Our members allow us to continue offering readers access to our incisive coverage of local news, food, and culture with no paywalls.