The City of Dallas, Texas, has become the latest victim of a devastating ransomware attack carried out by the Royal ransomware operation. The attack has resulted in the shutdown of several IT systems as a precautionary measure to prevent the spread of the attack. Dallas, as the ninth largest city in the United States with a population of approximately 2.6 million people, has been significantly impacted by this cyber incident.
Local media reports revealed that the City’s police communications and IT systems were shut down on Monday morning due to a suspected ransomware attack. As a result, 911 dispatchers have had to resort to writing down received reports for officers instead of utilizing the computer-assisted dispatch system. The Dallas County Police Department’s website was also temporarily taken offline as a security measure.
The City of Dallas has officially confirmed that the disruption was caused by a ransomware attack. The City’s security monitoring tools alerted the Security Operations Center (SOC) to a probable ransomware attack within their environment. Subsequently, it was determined that several servers had been compromised, impacting various functional areas, including the Dallas Police Department website. The City, in collaboration with its vendors, is actively working to isolate the ransomware, remove it from infected servers, and restore affected services. The Mayor and City Council have been notified of the incident in accordance with the City’s Incident Response Plan (IRP).
While the impact on the delivery of City services to residents is currently limited, there have been notable disruptions. The City’s court system has been forced to cancel all jury trials and jury duty due to the inoperability of their IT systems. This incident highlights the widespread occurrence of ransomware attacks targeting local governments, with an alarming rate of more than one attack per week in the United States. Of the 29 local governments impacted this year, at least 16 have suffered data theft. Dallas, being one of the largest cities affected in recent times, represents a significant escalation in the scale and impact of these attacks.
BleepingComputer has confirmed that the Royal ransomware operation was behind the attack on the City of Dallas. The operation is believed to be an offshoot of the Conti cybercrime syndicate, gaining prominence after Conti shut down its operations. The Royal ransomware operation began in January 2022, initially utilizing other ransomware operations’ encryptors to avoid standing out, but later started using its own encryptor, Zeon, in attacks for the rest of the year. By the end of 2022, Royal had become one of the most active enterprise-targeting ransomware gangs.
The City of Dallas is actively working to assess the complete impact of the ransomware attack, while residents are encouraged to report any issues with City services to 311 and emergencies to 911. This incident underscores the urgent need for enhanced cybersecurity measures and vigilance against the growing threat of ransomware attacks targeting critical infrastructure and public services.