Skip to main content
close search
site logo

Dallas still recovering from ransomware on eve of municipal election

City officials say the attack would not affect the election, but many services remain down.

Published May 5, 2023
Matt Kapko's headshot
Senior Reporter
Aerial picture of high rises
Art Wager via Getty Images

Dallas is reeling from a ransomware attack just as early voting is slated to begin for a municipal general election that will determine the mayorship and council district representatives. The election, which is slated for Saturday, is unaffected by the attack, the city secretary’s office said in the statement.

“Since City of Dallas’ information and technology services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents,” Dallas City Manager T.C. Broadnax said in a statement.

“While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off,” Broadnax said.

The city on Thursday said it isolated the ransomware attack and is gradually recovering services.

Multiple city services are impacted. Courts remain closed, the city’s water utilities division is unable to process payments, permits cannot be issued, and the city is unable to receive applications for public works and zoning.

Dallas Police Chief Eddie Garcia on Thursday said police operations have been significantly impacted by the outage.

The department’s computer-assisted dispatch and field based reporting systems, internal shared drives and internal applications for personnel matters have been impacted, Garcia said in a statement. These functions are being performed manually while systems remain nonoperational.

Fire and police response remain unaffected, the city said in a statement that was last updated on Thursday afternoon. Dallas continues to receive and dispatch 911 emergency calls.

Websites for the city and the Dallas Police Department, which serves a population of nearly 1.3 million people, are still offline.

Who's to blame

The city pinned responsibility for the attack on the Royal ransomware group, a prolific threat actor that was the subject of a joint advisory issued by the FBI and Cybersecurity and Infrastructure Security Agency in March.

The attack marks the second ransomware attack linked to the Royal ransomware group in the Dallas metropolitan area in as many weeks. Royal claimed responsibility for an attack against the Lake Dallas Independent School District and listed the district on its leak site April 18, according to Emsisoft Threat Analyst Brett Callow.

Dallas is the ninth-most populated city in the U.S. and may be the largest city hit by a ransomware attack to date, Callow said.

Royal has yet to list Dallas on its leak site, according to Callow. Threat actors typically use this tactic to increase leverage by imposing a deadline and making threats to leak potentially sensitive data.

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell