Skip to main content
close search
site logo

Dallas restores core emergency dispatch systems

“At this point, we do not have evidence or indication that there has been data removed during this attack,” Dallas CIO Bill Zielinski told city officials Monday.

Published May 9, 2023
Matt Kapko's headshot
Senior Reporter
City skyline from above over highways.
Sean Pavone via Getty Images

Dallas officials on Monday said critical services have been restored following a widespread outage caused by last week’s ransomware attack. The Dallas Police Department and city’s websites are back online as of Sunday, Bill Zielinski, CIO for the City of Dallas, said during a city council public safety committee meeting.

The city continues to recover and restore access to its computer-assisted dispatch system. The city’s municipal court system remains offline, and court hearings and trials have been suspended since Wednesday.

“We have made tremendous progress in fully restoring functionality to the computer-aided dispatch system," Zielinski said. "The core part of the system is fully restored. It has been online for several days and available for use by both fire and police departments.”

The city’s IT department is almost done reviewing all 1,900 mobile devices in police and fire vehicles, and it started turning those on and reconnecting devices to the network. When that process is complete, “we’ll have full and complete dispatch capability to where we have moved wholly away from the manual operations,” Zielinski said. 

A complete resumption of computer-assisted dispatch will be achieved early this week, the city said Monday in an update on the ransomware attack response. Dallas was still able to respond to emergency police and fire response calls while the systems were down. 

Ransom demand unknown

While Dallas officials blamed the attack on Royal, the city did not say whether the prolific ransomware group made a ransom demand. The city is exploring all options to remediate the incident, Zielinski said.

“This is an ongoing criminal investigation and the city cannot comment on specific details related to the method or means of the attack, the mode of remediation or potential communications with the party launching the attack,” Zielinski said. “Doing so risks impeding the investigation or exposing critical information that can potentially be exploited by the attacker."

The city is working with CrowdStrike on incident recovery and response, and receiving assistance from state and federal authorities. 

The city declined to share an assessment of the financial impact from the attack while the investigation is ongoing and did not provide a timeline for a full recovery of all city services.

“As part of the investigation, we're reviewing system and transaction logs and other information for indications of any data exfiltration. We also monitor the dark web for any presence of City of Dallas data,” Zielinski said. “At this point, we do not have evidence or indication that there has been data removed during this attack.”

Brett Callow, threat analyst at Emsisoft, told Cybersecurity Dive he’s yet to see any mention of Dallas on Royal’s leak site but cautioned against any sense of relief pertaining to potential sensitive data exposure.

The ‘no evidence’ statement is meaningless unless they’re far enough into the investigation to know with reasonable certainty that data has not been stolen,” Callow said. “Otherwise, it’s like you peeking through the door of your burglarized home and saying, ‘I see no evidence that anything is missing.’”

Royal ransomware group mostly targets US organizations

The Royal ransomware group compromises victims and uses multiple types of extortion to pressure victims to pay the ransom demand, according to research Palo Alto Networks’ Unit 42 released Tuesday.

The threat actor is mainly composed of former members of the Conti ransomware group. Royal was first observed in September 2022 and has been involved in multiple high-profile attacks against critical infrastructure, especially organizations in healthcare, manufacturing and education, according to Unit 42 researchers.

Conti disbanded in May 2022 and took down key pieces of its infrastructure to initiate a massive reset of operations weeks after it attacked Costa Rica’s government and demanded a regime change in the Central American nation.

The Department of Health and Human Services issued a warning about Royal in January, and the FBI and Cybersecurity and Infrastructure Security Agency issued a joint advisory about the threat actor in March.

The group has claimed responsibility for 157 organizations to date on its leak site, and it “will harass victims until the payment is secured, using techniques such as emailing victims and mass-printing ransom notes,” Unit 42 researchers said.

Royal has made ransom demands up to $25 million, the threat intelligence outfit observed. Nearly two in three organizations victimized by Royal to date are based in the U.S.

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell