The City of Dallas, Texas, confirmed to Cybernews it has been hit by ransomware. The Wednesday morning attack is still affecting city services with no sign of ending soon as cyber experts work to restore network systems.
As we reported May 3, the ransom attack caused the Dallas City Hall servers to go down and knocked the Dallas Police Department (DPD) website offline, although officials say 911 emergency services to residents are unaffected.
By the second day, Cybernews can confirm the city’s Dallas Fire Rescue, Department of Emergency Services are also offline.
The city’s website, instead of returning an error, now has an official notice about the incident, thanking residents for their patience.
“The City is experiencing a service outage and is working to restore services. We appreciate your patience during this time,” the notice read.
Dallas officials had released a media statement Wednesday immediately after discovering the attack and notifying Dallas Mayor Eric Johnson, the City Council.
It was then the city also triggered its City’s Incident Response Plan (IRP).
“Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment,” the City said.
“Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website,” officials said.
A spokesperson for the Dallas Police said the outage caused the department's computer-assisted dispatch system to go down, forcing police to use its backup radio system to dispatch officers to 911 emergency calls, reported local news outlets.
“Ransomware is undoubtedly today’s biggest cybersecurity threat, with organizations suffering devastating attacks every week, said Julia O’Toole, CEO of MyCena Security Solutions.
“This sounds like a major attack that has brought several vital services down. The attack is impacting the police, the ambulance service, and court proceedings, all of which are essential services for citizens, and their outages could put people at serious risk,” O’Toole said.
The DPD noted there were no issues or delays with receiving 911 calls and dispatching responding officers.
Dallas is the ninth largest city in the US and the third largest in the Lone Star state, with a population of around 1.3 million.
Mark Manglicmot, the Senior VP of Security Services at Artic Wolf believes attacks like these are not random.
“With Dallas being one of the largest cities in the United States, it’s clear that these cybercriminals picked this as their target to get more people’s attention," he explained.
Even though larger cities, such as Dallas, may have more resources to work with than smaller municipalities, “things like unpatched vulnerabilities and gaps in security monitoring/coverage are issues that all cities are struggling with,” Manglicmot said.
"Cities are really struggling with security budgets and threat actors see this time as a perfect opportunity to attack,” he added.
Cybernews confirmed the Dallas City Hall website was still down late Wednesday afternoon, but at the time, the Dallas Police Department’s website was back up and running.
By Thursday, the Dallas PD and Fire Rescue websites were both returning the city’s latest notice.
It seems all online services run on the city hall website are also offline, including the city property tax, building, water utilities, and parking departments, as well as the Dallas Public Library.
The entire City court system has been shut down and will remain closed until further notice, according to statements.
“Given the widespread impact the city has on many operations like jury trials, trash collection, libraries, and more, there are real-life consequences that showcase how hard-hitting attacks like this can be,” Manglicmot said.
Some of those city service web addresses are still returning a blank page reading: "The page cannot be displayed because an internal server error has occurred."
Wednesday, the city said it was currently assessing the complete aftermath, "but at this time, the impact on the delivery of City services to its residents is limited.”
Teams were also actively working to isolate the malware and prevent it from spreading through its network, while software vendors were attempting to remove the ransomware from infected servers to restore affected services.
It's the second ransomware attack to hit Dallas in the past six months.
In December 2022, a ransom attack on the Dallas Central Appraisal District shut down its email, website, and servers for at least a month.
That attack cost the city of Dallas $170K to restore services.
Cybernews will continue to follow the story.
Your email address will not be published. Required fields are markedmarked