Royal gang claims City of Dallas ransom attack


Dallas, Texas, officials say the Royal ransomware gang is responsible for the cyberattack that shut down most city services and knocked the Dallas Police and Fire Rescue departments offline this week.

The city of Dallas has been struggling around the clock to restore online services since its IT teams discovered the ransom group had hacked into network servers Wednesday morning, causing a system-wide outage.

“Employees have been hard at work to contain the issue and ensure continued service to our residents. While the source of the outage is still under investigation, I am optimistic that the risk is contained,” officials said in a statement Thursday.


“Delays and disruption due to the outage” continued into Thursday evening, although officials said they were “prioritizing public safety and public-facing departments” throughout the restoration process.

Police have been forced to use a backup radio system to dispatch officers to 911 calls since the attack, but response times have not been affected, according to a Dallas PD spokesperson.

“For those departments affected, emergency plans prepared and practiced in advance are paying off,” the city said.

“A group called Royal initiated the attack,” the city revealed Thursday.

According to the gang's profile, Royal will disable the target's antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting a victim’s systems.

Instead of a ransom note with payment instructions, Royal directs its targets to contact the group on its dark web site.

In this instance, sources say the group hacked into Dallas city printers, which then printed out a typed ransom note containing a direct link for the city to make contact, as first reported by news outlet Bleeping Computer.

Royal contact page for ransom victims

Dallas officials have not disclosed the exact amount of the ransom demand, but Royal is known to threaten its victims with higher asks than most other ransom groups.

A Cybersecurity and Infrastructure Security Agency (CISA) advisory about the group released in March said Royal ransom demands can range from approximately $1 million to $11 million in Bitcoin.

Royal broke onto the ransom scene sometime in 2022 and, in certain months, outpaced the number of attacks by more infamous ransom outfits such as LockBit, BlackCat, and Vice Society.

The group is said to be made up of a hodgepodge of former threat actors from other Russian-linked cyber gangs, including the Conti group.

The CISA advisory warned the gang was specifically targeting critical infrastructure with their own Royal ransomware variant, “which uses a custom-made file encryption program, evolved from earlier iterations that used ‘Zeon’ as a loader.”

The group first made a name for itself after hacking the UK’s Silverstone Formula One motor racing circuit in November 2022.

Last month, Royal also claimed to have hacked and stolen gigabytes of data from the Lake Dallas Independent School District, including the social security numbers and passport information of students and district staff.


In the past few years, we've seen a major uptick in ransomware attacks targeting major cities across the nation and costing millions, including Atlanta and Baltimore.

Even in the past 30 days, there's been a sharp uptick in attacks on cities of all sizes, according to Mark Manglicmot, Senior VP of Security Services at Arctic Wolf.


“Talking to city IT and security leaders, we can tell that they’re scared, whether they themselves have had a brush with a cyber incident or they’ve watched a neighboring city come to a halt due to an attack,” Manglicmot said.

Meanwhile, Dallas city officials have not yet disclosed the amount of the ransom demand.

“We’ve seen the median ransom demand for the government sector is now $450,000 – a high price tag for cities that already fight tooth and nail for adequate funds for IT and technology budgets,” Manglicmot said.

This past February, the California city of Oakland suffered a severe ransomware attack on its network systems, shutting down city services for over a month.

The attack triggered a state of emergency and brought in the California National Guard, and only in April did Oakland finally restore all citywide services.

The same week, the city of Modesto, California, was also hit by hackers, forcing city officers to patrol using “old school” police tactics, including handheld radios, pens, and paper.

Infamous ransom gangs Snatch and Play claimed responsibility for the California attacks, and yet another Russian-linked group, LockBit, tried to cash in, releasing a cache of stolen city files on the dark web after officials refused to pay.

Dallas is the ninth-largest city in the US with a population of about 1.3 million.
