Date: 2023-05-04
A ransomware attack on the city of Dallas that has “significantly impacted” police and compromised other city services was initiated by a prolific group called Royal, officials said Thursday.
The city’s Information and Technology Services department “and its vendors continue to work around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments,” a news release said.
City manager T.C. Broadnax said he is optimistic that the risk is contained.
“Since City of Dallas’ Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents,” he said in the news release.
“For those departments affected, emergency plans prepared and practiced in advance are paying off,” he said. “We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed.”
Broadnax wasn’t immediately available for further comment. Dallas police directed inquiries about the investigation into the ransomware attack to the FBI, which is typically the lead federal agency for cyber attack cases.
Melinda Urbina, a spokesperson for the FBI’s Dallas bureau, said the agency is aware of the attack and is in contact with city officials. She declined to provide additional details about the investigation.
Dallas police Chief Eddie García said in a written statement that the department’s operations have been “significantly impacted” by the outage. Emergency plans that were prepared and practiced in advance are in place now, he said.
The department’s computer-assisted dispatch system is in the process of being brought back online and calls are still being dispatched, the chief said. The system used by police for offense reports and jail intake is also affected, prompting personnel to conduct those tasks manually, García said.
The Dallas Police Department’s website, internal share drives and applications for personnel matters are also affected, according to the chief.
“We want to [assure] the public even with these internal difficulties, police response continues across the city,” the chief said. “Regardless of the uphill battles, our men and women will always answer calls for service. Public safety remains our top priority.”
A sophisticated ‘gang’
Royal uses custom-made encryption, the FBI and U.S. Cybersecurity and Infrastructure Security Agency said in a recent joint advisory. The group originated around September, the entities said, and has compromised U.S. and international organizations.
Royal is a sophisticated “gang” that uses traditional and new ways of infiltrating victims’ systems, said Dr. Bhavani Thuraisingham, professor of computer science at the University of Texas at Dallas.
Authorities say “threat actors” with Royal gain access to victim networks through phishing over 66% of the time. The group can also gain access into a system through remote desktop control tools, Thuraisingham said.
Royal actors also threaten to publicly release the encrypted data if the victim does not pay the ransom, the FBI said in the advisory. It was not immediately clear what demands Royal has made to Dallas.
There have been 152 confirmed ransomware attacks against governmental agencies and educational institutions in the U.S. since January 2022, according to research completed by Comparitech, a cybersecurity company. Governmental agencies include many cities and counties, the Florida Supreme Court, and the U.S. Marshals Service in Virginia. Educational institutions include universities, colleges and local school districts.
There have been at least 11 confirmed ransomware attacks in Texas since March 2022, including attacks on the Mansfield Independent School District, Rice University and the city of Tomball, according to Comparitech.
Royal was responsible for the ransomware attack against the Dallas Central Appraisal District late last year that caused its operations to be stunted for 72 days. Authorities believed the attack happened after an employee fell for a phishing scam.
A ransomware attack occurs when a perpetrator gains access to a system, usually through malicious software, according to the Cybersecurity and Infrastructure Security Agency. The attacker then encrypts the server’s data and makes demands in return for its decryption.
On Thursday, a temporary website for the city of Dallas directed users to its Twitter account, @CityOfDallas, for updates.
“The City is experiencing a service outage and is working to restore services. We appreciate your patience during this time,” a banner on the temporary website reads.
As of Thursday, the city had not tweeted any mention of the ransomware attack from its account. The city of Dallas’ news portal, where updates on the outage can be found, was functional Thursday morning.
Most departments’ websites direct users back to the temporary site — including 311 services, municipal courts and Dallas water utilities.
The city said Dallas police and Dallas Fire-Rescue services to residents and 911 dispatch remain unaffected. Police and Fire-Rescue websites remained down Thursday.
Dallas Fire-Rescue spokesperson Jason Evans on Wednesday said the agency was using “manual dispatch operations” because of problems with the computer-assisted system, which helps first responders respond to emergency calls. He declined to provide additional information Thursday, instead referring to the city’s website for any updates.
311 services
In a tweet, the city’s 311 services said its website and app remained down. The message directed residents to call 311 to submit a service request. Non-emergency services may be delayed, the city’s news release said.
The municipal court said in a notice posted to its site Wednesday that all jury trials and jury duties were canceled for the day. When reached by phone, a representative said all courts were closed for the day Thursday.
The city said the courts’ LiveChat service is inaccessible and all cases will be reset. Jurors do not need to report and notices will be sent by mail, the news release said.
With just two days until Election Day, the city said the election is unaffected. Dallas County will share official results.
Claire Crouch, a spokeswoman for the Dallas County district attorney’s office, said no trials have been impacted by the attack. Systems used by the district attorney’s office were not affected, Crouch said.
The Dallas Public Library system’s main website was accessible Thursday morning, but its catalog and databases were down.
Melissa Dease, communications administrator for the library, said residents can still check out books but may not be able to see updates to their accounts. The libraries are using the “old-school” system of writing down what books are being checked out and returned, she said.
Dease said computer services at the branches are “up and down” Thursday. She encouraged residents to call ahead to their branches to check if printing, faxing and computer services are available.
Sites that were working as of Thursday morning included the open records request center, a calendar of city meetings, and videos of City Council meetings.
