Dallas, Texas – Two days after the city of Dallas fell victim to a cyber-attack, its official Facebook page provided guidance for residents on securing their devices by enhancing password strength. Interestingly, the city’s Information and Technology Services department was simultaneously managing a ransomware attack by the group known as Royal, which had previously targeted the appraisal district’s data.
According to Dallas Metro News, a media outlet reporting about Dallas local news, the city has not disclosed specific information about the attack but has confirmed that its technology personnel are working diligently to mitigate damage and restore all systems. City Manager T.C. Broadnax expressed optimism that the risk has been contained and praised the effectiveness of emergency plans prepared in advance.
While the city’s news portal continues to offer updates, several critical websites remain offline, including the public library website, city meeting calendars and agendas, city meeting videos, and the open records request portal. The city’s development services webpage is also down, preventing the processing of permits.
Dallas police Chief Eddie Garcia acknowledged that emergency plans have been helpful in responding to the attack, but the department’s operations have been significantly affected. Handwritten reports and jail intake forms have been issued, and the department’s website, internal shared drives, and personnel software have been impacted. Dispatchers, however, can still allocate officers as necessary.
The Dallas Fire Department has also had to manually dispatch firefighters via radio due to the outage. Cybersecurity firm TrendMicro reports that Royal attacks were first recorded in September last year. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint report in March warning of a new Royal ransomware variant that emerged in September 2022, with a custom file encryption program used by criminals to lock users’ systems until a ransom is paid.
While the city has not confirmed whether it received a demand from Royal, bleepingcomputer.com claims to have a copy of a note the attackers allegedly sent to the city printers on Wednesday morning, instructing the city to contact an onion URL on the dark web.
Experts speculate that local governments are vulnerable to ransomware due to inadequate cybersecurity investments and a mix of outdated and new infrastructure. StateTech’s Mol Doak explained that constrained budgets and small teams often lead to insufficient platform protection.
The city’s IT department has faced several high-profile incidents in the past two years, including accidental data deletions and issues with oversight and data governance. A report published by the city’s IT Services department identified thirteen recommendations for improvement and promised a plan of action with benchmarks.