The City of Dallas has suffered an attack by a particularly malicious type of software known as ransomware: software designed to block access to a computer system or data, often by encrypting it, until a sum of money, or ransom, is paid to the attacker. It is one of the most prevalent and damaging types of cyber attacks in the modern digital landscape.
In this instance, the ransomware attack led to the downtime of various emergency services in Dallas. Although the City stated that emergency services for residents remained unaffected, the homepages of the Police and Fire Service were unavailable.
Two security researchers familiar with the incident have linked the ransomware operations to ‘Royal’. This group is alleged to operate out of Russia and has potential links with Russian Intelligence.
The 911 dispatchers had to write down the reports received for the officers rather than submitting them through the system-assisted dispatch system. The Dallas County Police website was offline for part of the day due to the security incident.
The City’s monitoring tools notified the Security Operations Center (SOC) of a probable ransomware attack within the environment. Following this incident, the City confirmed that a number of servers had been compromised by ransomware, thereby affecting several functional areas.
As a countermeasure, the City’s team, along with vendors, actively worked to isolate the ransomware and prevent its further spread. In addition, the City took the opportunity to assess the complete impact. However, the impact of ransomware on the delivery of City services to the residents has been limited.