CBS journalist J.D. Miles first reported on the message Friday, posting a screenshot of it on Twitter. “‘There is still no indication that data from residents, vendors, or employees has been leaked,”’ the message said, quoting a city of Dallas statement from earlier this week.
“So, we are going to indicate that the data will be leaked soon. We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, [Social Security Numbers], passports), detailed court cases, prisons, medical information, clients’ information and thousands of thousands of governmental documents.”
The message was originally posted on the hacker group’s website, and screenshots of it are making the rounds on social media.
The group behind the hack, called Royal, also took down the Dallas Central Appraisal District website for weeks after a separate attack in November. The most recent attack against Dallas began on May 3, and the city has been working to fully restore services ever since.
The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) put together a report on the ransomware group in March. The group is responsible for numerous attacks to critical infrastructure, including manufacturing, communications and health care. Most of their attacks start with phishing emails, according to the report. The group demands a ransom to be paid in Bitcoin in amounts ranging from $1 million to $11 million.“So, we are going to indicate that the data will be leaked soon." – Royal, ransomware group
tweet this
Some social media users took the message as confirmation that Royal was behind the attack. The city of Dallas issued a statement about the message Friday afternoon, saying officials were aware of the post.
"The city of Dallas is aware of a post from what appears to be the Royal ransomware group threatening to release city data," the statement said. "We continue to monitor the situation and maintain there is no evidence or indication that data has been compromised. Measures to protect data are in place."
The Dallas County District Attorney’s Office issued a statement about the attack the day before the hackers' message was posted.
In the statement, Claire Crouch, a spokesperson for the DA’s office, said the office is working with the city and Dallas Police Department to make sure criminal cases were still being filed and processed in accordance with the law.
“The DA’s Office has worked collaboratively with Dallas Police to implement contingency measures to mitigate the impact of the ransomware attack,” Crouch said in the statement. “To ensure the continuity of justice, we have established alternative communication channels to facilitate seamless coordination and information sharing while maintaining the security and safety of the DA’s Office’s computer systems.”
She added, “We anticipate that the longer this goes on the greater chance for obligations on the DA’s part will be affected.”
Scott Palmer with Dallas law firm Scott H. Palmer PC said he wasn’t aware of any of his cases being affected by the hack. But The Dallas Morning News reported early Friday morning that the Dallas Police Department is having trouble accessing some of its physical and digital evidence as a result of the ransomware attack. This has started to disrupt some trials, defense lawyers told the News.
The latest estimate is that it could take weeks or even months for city services to be fully restored.