Dallas to spend $4M on threat detection after ransomware attack

Two months after a ransomware attack, the Dallas City Council approved a nearly $4 million contract for network threat detection.
Dallas skyline
(Getty Images)

The Dallas City Council approved a contract Wednesday to spend nearly $4 million on a network threat and anomaly system, almost two months after a ransomware incident knocked out services across the city.

The contract, which was approved without debate, authorized the city Department of Information and Technology Services to spend $3.9 million on products and services from Netsync, a Houston IT firm, over the next three years.

Dallas officials have steadily been repairing the damage of the May 3 ransomware attack, which resulted in the shutting down of online payments, municipal court scheduling and several systems related to public-safety, including computer-aided dispatching for the city’s police and fire departments. A police evidence system was also briefly impacted, which slowed down some investigations, including one related to a mass shooting in nearby Allen, Texas.

Bill Zielinski, the city’s chief information officer, said June 6 that 90% of affected services had been restored. Systems at the Dallas Public Library — which operated on an all-analog basis for more than seven weeks — came back online last week.


A ransomware group named Royal, known to be an offshoot of the notorious Conti operation, claimed credit for the Dallas attack and and threatened to publish stolen city data on its extortion site, though to date, has refrained from posting anything. According to Allan Liska, a threat intelligence analyst at security firm Recorded Future, the ransomware ecosystem is as vibrant as ever, with more than 400 publicly confirmed victims per month going back to March of this year — and already at least that many confirmed in June.

“I don’t think we’ve ever seen a ransomware feeding frenzy like this,” Liska wrote on Twitter.

The already cresting wave of ransomware attacks has only been compounded by the continuing fallout of a separate incident, carried out by ransomware group known as CLoP, that exploited a previously unknown vulnerability in the popular file-transfer software MOVEit. Since early June, that attack has spilled over to more than 150 public- and private-sector organizations worldwide.

Latest Podcasts