DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

City of Dallas update on ransomware attack recovery efforts

Posted on May 9, 2023 by Dissent

4 p.m. update, Monday, May 8

As of Monday, May 8 DallasCityHall.com and DallasPolice.net are back online.

911 and 311 intake and dispatch continue via phone and radio dispatch while Computer Assisted Dispatch (CAD) components including 1900 mobile devices (1600 for DPD and 300 for DFR) and the server routing calls are tested to ensure no reinfection when redeployed. Completion of device cleaning to allow resumption of CAD is anticipated early this week

Please see below for frequently asked questions regarding the incident:

  1. Will the City pay the ransom?

  • The City is exploring all options to remediate this incident. As this is an ongoing criminal investigation, the City cannot comment on specific details which risk impeding the investigation or exposing vulnerabilities that can be exploited by an attacker.
  1. Did the attackers send a ransom note to City printers?

  • An image of information allegedly transmitted by an attacker has been published. While some media outlets removed or blurred a URL shown, others did not. Do not attempt to visit this URL as it may pose a threat to the device or network of anyone that does.
  1. How did the breach initiate?

  • This is an ongoing criminal investigation. The City cannot comment on specific details which risk impeding the investigation or exposing vulnerabilities that can be exploited by an attacker. The most common Ransomware attacks are initiated by exploiting vulnerabilities in software such as weak or default credentials, and social engineering (e.g. phishing) which tricks users into divulging confidential or personal information that may be used for fraudulent purposes.
  1. How many devices are affected?

  • This is an ongoing criminal investigation. The City cannot comment on specific details which risk impeding the investigation or exposing vulnerabilities that can be exploited by an attacker.
  1. What departments are affected and how?

  • See https://www.dallascitynews.net/ for detailed updates.
  1. What are next steps?

  • The City’s IT Department continues to work with the assistance of cybersecurity experts and vendors to review software, servers, and devices to ensure they are uninfected before they are returned to service.
  1. Are 9-1-1 dispatchers still having to take down information by hand and share it over a radio to respond?

  • As prepared for and practiced in advance, 9-1-1 operators continue to answer and dispatch calls utilizing back up procedures and the City’s public safety radio system. As City staff and contractors review devices, ensure they are secure, and bring them online, Computer Assisted Dispatch (CAD) functionality will increase for DPD, DFR and 311.
  1. What do people on deadline to pay citations need to do?

  • Citation payments and documents due while the Municipal Court system is down will be accepted after service is restored. Anyone who has a citation to pay or documents due while Municipal Court is closed will be granted an extension to pay or present the documents to the Court without penalty.
  1. How long this will take to get resolved?

  • The City’s IT Department will continue to work with the assistance of cybersecurity professionals and our system vendors to review software, servers, and devices to ensure they are uninfected and can be returned to service as quickly as possible.
  1. Is the prior network outage related to this attack?

  • There is no evidence that the network outage occurring on April 19, 2023 is related to this ransomware attack. The network outage of April 19 was caused by a hardware failure. The City and its network services provider AT&T resolved that outage.
  1. Has Royal made any demands from the city of Dallas? Has the city learned how Royal was able to gain access to its systems? If so, how did the group compromise those servers? If so, what is the group demanding, and what has been the city’s response?

  • This is an ongoing criminal investigation. The City cannot comment on specific details which risk impeding the investigation or exposing vulnerabilities that can be exploited by an attacker.
  1. Should residents be concerned that their personal information could be leaked online as a result of this attack? Why or why not?

  • At this time the City has no indication that customer information such as billing data or personally identifiable information (PII) has been leaked from City systems or databases. Should this change, the City will notify potentially impacted individuals with information and instructions. Should any individual be contacted by someone claiming to represent the City of Dallas and ask for a payment or personal information, please take note of the number they are calling from and the number they are reaching, then hang up and call the City Department to report.
  1. How much is this attack costing the City?

  • As this is an ongoing criminal investigation, a determination of financial impact cannot be given at this time.
  1. Were social media channels compromised as a result of the outage?

  • The City of Dallas social media accounts have not been compromised. Updates will continue to be shared via DallasCityNews.net.

 


Previous updates can be found at https://www.dallascitynews.net/city-of-dallas-statement-on-network-outage

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Two Men Arrested For Conspiring With Russian Nationals To Hack The Taxi Dispatch System At JFK Airport
Category: Government SectorMalwareU.S.

Post navigation

← Cyberattacks a Problem for Nearby Emergency Departments, Too
Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.