Dallas reports 90% recovery from ransomware attack
Officials in Dallas said this week that nearly all of the systems damaged by a ransomware attack last month have been recovered, including online payments, municipal court scheduling and several functions related to public safety.
The update came five weeks into Dallas’ ransomware ordeal, which initially spread across the city, including to its police and fire departments, which went without their computer-aided dispatch system, forcing 911 operators to manually transcribe and relay requests for aid.
The CAD system was brought back online in mid-May, officials said. Several other systems have returned since then, including a service to schedule appointments with the city animal shelter. And a major milestone occurred last week, when Dallas municipal courts reopened after nearly a month, with an upgrade to its case-processing system.
“The painstaking work has involved a comprehensive review of each system and each device to ensure that they are free of malware, the installation and implementation of additional security components and protocols and the rebuild, reimagining and restoration from backups of servers and devices where necessary,” Dallas Chief Information Officer Bill Zielinski told the Dallas City Council on Monday, according to KDFW-TV, a Fox affiliate in the Texas city of 1.3 million.
A ransomware outfit known as Royal claimed credit for the attack against Dallas, which was detected May 3. The group is known as a spinoff of the notorious Conti operation, one of the most active ransomware strains since 2020. On May 19, the Royal group threatened on its blog to publish data stolen from Dallas — including “tons of personal information of employees (phones, addresses, credit cards, SSNs, passports)” — if a ransom was not paid. Nothing has been leaked. Zielinski did not tell the Dallas City Council if there has been any interaction between city officials or investigators with the Royal group.
While the Dallas courts, utility payments and water-meter readings are back to life, 10% of the damage remains, with many city agencies — including police, fire and the animal shelter — still using manual workarounds for some functions. The Dallas Public Library continues to be particularly hard-hit: The system’s online catalog and most branch computer terminals remain offline, and while materials can still be checked out, none can be returned.
Zielinski told the Dallas City Council on Monday that the library is on this week’s agenda.
The latest statement on Dallas’ main website indicates a citywide reset on cybersecurity is underway as well.
“We continue to work with our cybersecurity experts on additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset across all user accounts, expediting the implementation of additional controls, and completely rebuilding impacted systems in a new, secure environment,” the statement read.