Dallas County says it prevented file encryption during ransomware attack

The hacker organization “Play” has claimed responsibility for a cyberattack in which it claims to have stolen thousands of files.

External cybersecurity professionals helped prevent any encryption of Dallas County government files or systems following a recent cyberattack, the city announced this week.

A ransomware attack the county detected Oct. 19 is the second to occur in North Texas in just five months after the Dallas city government was subject to a ransomware attack in May, disrupting several city services and leaking the personal information of more than 30,000 residents.

Once Dallas County detected the cyber incident, it retained cybersecurity professionals from the private sector to assist in efforts to contain the threat and investigate the attack, according to the latest cybersecurity notification update provided by the county.

“Currently, our work with the cybersecurity firm is ongoing,” the update read. “While our goal is to be transparent and forthcoming with information relating to the incident, we do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances.”


Though the county maintains that files were not encrypted, CBS News on Tuesday reported that the hacker group “Play” has claimed responsibility for the attack and that it stole thousands of files. The group stated that private documents of Dallas County departments will go up for sale on the dark web if an unspecified ransom is not paid by Friday, according to CBS News.

Lauren Trimble, chief of staff for Dallas County Judge Clay Lewis Jenkins, did not confirm claims from the ransomware group and did not provide more details, citing the ongoing investigation. 

The county said the threat was contained thanks to an endpoint detection and response tool deployed across its network, forced password changes for all users, mandated multi-factor authentication for remote access and the blocking of traffic to malicious IP addresses.

“Currently, there is no evidence of ongoing threat actor activity in our environment,” the update read. “Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County’s systems are secure for use.”
