| Crime |

Recovery Continues 3 Weeks After Carrollton Cyberattack

Some services at the city's libraries were unavailable for a week.
Some services at the city's libraries were unavailable for a week.
Lucas Manfield

Cyber criminals struck again in Texas last month, this time in the Dallas suburb of Carrollton, where officials have grappled for weeks with the impacts of an attack that took out the city's website and paralyzed some municipal services.

The attack took the city’s website and email servers offline, disabled a system for processing utility bill payments and prevented the issuing of new library cards. Email was quickly restored but the city’s website was down until Thursday afternoon, three weeks after the Oct. 10 attack.

Without access to email, city officials resorted to doing business over the phone.

“We had to scramble to find solutions,” said city spokeswoman Susan Prosoco, who described the incident as a "large-scale cyberattack."

A criminal investigation is ongoing, she said, and the city is being assisted by the FBI and the Department of Homeland Security, as well as the Texas Department of Information Resources, which has led the state’s response to recent cyberattacks on local governments.

Prosoco could not disclose any other details about the attack, but she said the city has not paid any money to the attackers. There was no disruption in emergency services and "residents' information has not been affected," she said.

The library's computer systems were down for a week, forcing the city to waive fines and extend due dates for checked-out books.

The Department of Information Resources refused to comment on the Carrollton attack and declined to give any additional details about other attacks that may have occurred in recent months.

The Carrollton attack is only the latest in a string of cyberattacks on cities and government agencies in Texas that have disrupted services and alarmed lawmakers. More than 20 government entities were hit in a single ransomware attack in August.

Those hit included Wilmer and Kaufman — two other cities near Dallas — which are among more than 40 municipalities that have been victimized across the country in the last year, The New York Times reported. In that attack, criminals targeted a software provider shared by many Texas cities.

"A lot of folks in Texas use providers to do that, because we don't have a staff big enough to have IT in house," Mayor Gary Heinrich of Keene, another targeted city, told NPR.

Attackers encrypted files and demanded a bounty of $2.5 million to unlock them. Officials refused to pay, opting instead to restore services manually, a process that took weeks.

Cybersecurity has been receiving new attention from state and national lawmakers. Texas passed a bill earlier this year mandating cybersecurity training for local government officials. The training hasn’t yet gone into effect, however. The state began the process of certifying the programs in September.

But it may take more than employee training programs to prevent future attacks.

“Cyber criminals love outdated IT hardware, software and systems, and unfortunately our state government has plenty of costly old IT,” state Rep. Giovanni Capriglione, a Tarrant County Republican, said in a statement earlier this year.

Furthermore, cities and local governments are often understaffed and underfunded, said Randy Watkins, chief technical officer of the Plano cybersecurity firm Critical Start.

"You can require that they all have the next-generation anti-virus and next-generation firewall and give them enough money to buy the product, but they still don’t have enough manpower to operationalize and maintain those systems," he said.

Meanwhile, Carrollton officials continue to work to restore city services.

"We’re not completely done yet, but we are very proud of the progress we’ve made," Prosoco wrote in an email late Thursday afternoon.

We use cookies to collect and analyze information on site performance and usage, and to enhance and customize content and advertisements. By clicking 'X' or continuing to use the site, you agree to allow cookies to be placed. To find out more, visit our cookies policy and our privacy policy.


Join the Observer community and help support independent local journalism in Dallas.


Join the Observer community and help support independent local journalism in Dallas.