The City of Dallas, Texas, has suffered a ransomware attack that resulted in disruption of several of its services.
What do we know so far?
“Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment,” the City’s public statement revealed.
“Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website. The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. The Mayor and City Council was notified of the incident pursuant to the City’s Incident Response Plan (IRP).”
CBS Texas has published an image of the ransomware note, which has reportedly been sent through the City of Dallas’ network printers.
Based on the content of the note, the Royal ransomware operation appears to be responsible for the attack.
Royal ransomware is sophisticated, evolving malware first spotted in early 2022. The group wielding it operates privately and primarily targets large enterprises.
“Rather than selling Royal as a ransomware-as-a-service (RaaS), [the group] purchases direct access to corporate networks from underground Initial Access Brokers (IABs) and manages the attack campaigns internally,” BlackBerry researchers say, adding that the group is also known for engaging in double extortion tactics.
It’s unclear how the threat actors managed to access the systems. The ransom note indicates that they have encrypted the data and plan to post sensitive information online.
Some services are offline
Following the ransomware attack, the Police Department and City Hall websites have been taken offline to prevent further spread of the malware.
In the meantime, the Information and Technology Services Department (ITS) is working to identify the cause of the disruption and is shutting down any impacted devices.
“Currently less than 200 of the City’s thousands of devices are impacted, but if any City device is at risk, it will be quarantined and blocked by ITS. For compromised machines, restoration will prioritize public safety, anything public-facing, then all other departments,” the updated public statement says.
All services provided by the Dallas Police Department, Dallas Fire-Rescue Department, 911 and 311 calls remain operational. Requests are being dispatched without any interruptions or delays.
Payments for Dallas Water Utilities can still be processed via IVR, but online payment processing may experience some delays. The Municipal Court is expected to be closed on Thursday.