The city of Dallas, Texas has confirmed that a ransomware attack has shut down key services, including 911 dispatch systems.
City officials confirmed on Wednesday that a number of the city’s servers had been “compromised with ransomware,” leading to widespread service outages. The Dallas Police Department (DPD) website is currently offline. The City of Dallas website displays a notice stating that “the city is experiencing an outage and is working to restore service.” The city wrote on a page of updates on the incident that all courts were closed on Wednesday and would be closed again on Thursday.
DPD spokesperson Melinda Gutierrez confirmed to TechCrunch that the outage has also impacted Computer Aided Dispatch, or “CAD,” systems used by dispatchers and 911 operators to prioritize and record incidents. Local media reported that this has forced 911 callers to manually write down instructions for responding officers.
“There is no effect on 911 calls at this time and they are still being sent for service,” Gutierrez added. “The outage has no impact on the police response.”
Printers on the City of Dallas network reportedly started printing ransom notes on Wednesday morning. According to a copy of the message seen by TechCrunch, the Royal ransomware gang has claimed responsibility for the attack, and a URL in the message points to a contact form on Royal’s dark web victims’ site. The note said that critical data was encrypted and threatened to publish it online if the ransom demand was not met.
The city of Dallas has not yet been listed on Royal’s dark web leak site, and it is not yet known what types of data were stolen. City officials have not responded to TechCrunch’s questions.
The Royal ransomware gang emerged in early 2022 and was recently the subject of a joint advisory issued by CISA and the FBI. US government agencies warned that the group has targeted multiple victims both in the US and internationally, including manufacturing, communications, education and healthcare organizations.
The advisory said that Royal hackers usually gain access to victims’ networks via callback phishing, where hackers send emails claiming that the victim has paid or will pay for a service and ask them to call a listed phone number for clarification. After gaining access, they “turn off antivirus software and exfiltrate large amounts of data” before deploying the ransomware and encrypting systems. Subsequent ransom demands from the group range from $1 million to $11 million. The city of Dallas has yet to confirm whether the hackers have made any financial demands.
TechCrunch has contacted CISA and the FBI regarding the ransomware incident in the city of Dallas, but has not yet received a response. According to ransomware expert Brett Callow, 29 cyberattacks targeting local governments have been reported this year in the US alone.
The full impact of the attack remains unknown. In a statement, the city said it was “actively isolating the ransomware to prevent its spread, removing the ransomware from infected servers, and restoring all services currently affected. The city is currently working to assess the full impact, but at the moment the impact on the delivery of city services to its residents is limited.”
Do you have more information about the City of Dallas ransomware attack? You can safely contact Carly Page via Signal on +441536 853968 or via email. You can also contact TechCrunch at SecureDrop.