Dallas (city) apparently hit with a ransomware attack

hiegtx · May 3, 2023

The City of Dallas website, as well as several departments, are either offline or experiencing problems due to an apparent ransomware attack.

City of Dallas experiencing ransomware attack, multiple services affected

A string of ransomware attacks has knocked out the City of Dallas’ police communications system and several other city services. The ransomware was first detected Wednesday morning.

click2.email.audacy.com

City of Dallas likely targeted in ransomware attack, city official says

A spokeswoman for Dallas police confirmed the department's website is down due to an outage affecting the city. The extent of the outage is unknown at this...

www.dallasnews.com

City of Dallas dealing with ransomware attack against network

The city said they are working to assess the complete impact but that the impact to delivering city services to residents is limited

www.wfaa.com

The computer aided dispatch system, used by Dallas Fire Rescue is also apparently down, and DFR has been in manual dispatch mode mode of the day.,

The Dallas Central Appraisal District system was hit last fall, and apparently an undisclosed figure was paid to the attackers.

TexTAC · May 3, 2023

I’ve been listening on the NTIRN system and Dallas Fire is still dispatching manually. They are handling it very professionally despite the situation.

techman210 · May 3, 2023

San Bernardino Sheriff in California got hit about 2 weeks ago. Wonder if they got nailed by a third party vendor that got infected.

Echo4Thirty · May 4, 2023

THIS is exactly why you train your dispatch centers to do things manually on a regular basis.

ProScan · May 4, 2023

I'm wondering how the City of Dallas or any website can be down due to ransomware over an extended period. Don't they have an IT group that manages the server? Don't they have backup files? If they can access the server root account then it's just a matter of restoring from a backup. If they can't access the server, then I would think that they could get the host provider involved by doing a reboot and wiping the server clean, or substituting another machine.

IMHO, I think it's an inside job. It could be a "trusted 3rd party" that has root access or a contractor working for them.

TexTAC · May 4, 2023

Dallas had issues last year too when they deleted millions of files containing police data. Dallas data loss report reveals IT worker was not trained for the job

Harold · May 4, 2023

ProScan said:
I'm wondering how the City of Dallas or any website can be down due to ransomware over an extended period. Don't they have an IT group that manages the server? Don't they have backup files? If they can access the server root account then it's just a matter of restoring from a backup. If they can't access the server, then I would think that they could get the host provider involved by doing a reboot and wiping the server clean, or substituting another machine.

IMHO, I think it's an inside job. It could be a "trusted 3rd party" that has root access or a contractor working for them.

I think when they say the Website is down they are referring to the services provide via the website. They cannot access the databases required to provide service via the web.

ProScan · May 4, 2023

Harold said:
I think when they say the Website is down they are referring to the services provide via the website. They cannot access the databases required to provide service via the web.

Wouldn't that affect surrounding cities and counties? Are the services hosted on the website? To me, it seems to be the servers.

hiegtx · May 4, 2023

ProScan said:
Wouldn't that affect surrounding cities and counties? Are the services hosted on the website? To me, it seems to be the servers.

Dallas being "up" or "down" has no effect on neighboring jurisdictions, as these are not shared systems.

The city's website, DallasCityHall.com, directs you to a Cloudfront 'notification' page. The Dallas PD's website returns a 'service unavailable' page.

Dallas Fire Rescue remains on manual dispatch, with field units having to report en-route, clear, or back in quarters via voice radio via their MDTs. Dallas PD MDT's are also out of service.

911 calls are still being answered, but at times, call takers have had to send a printed 'note' to dispatchers rather than entering call data in the system which then would flow to the actual dispatcher's stations.

Still no posted, or announced, time frame of when issues will be resolved.

hiegtx · May 4, 2023

Latest press release via one of the local TV stations:

City of Dallas attacked by ransomware gang 'Royal', police, fire dispatch forced to use radio and paper systems

The Dallas Public Library, Dallas Water Utilities, courts and more have been affected by the cyberattack.

www.fox4news.com

add:

A group called Royal is behind the ransomware attack on Dallas, city says

The city’s Information and Technology Services “and its vendors continue to work around the clock to contain the outage and restore service, prioritizing...

www.dallasnews.com

mwjones · May 5, 2023

Dallas Fire Rescue having to use smartphone maps and radios while CAD is affected by ransomware attack.

'It might take us a few extra seconds' | Dallas firefighters using smartphone maps, radios while technology is down

Dispatchers are working overtime while Dallas Fire-Rescue's communication systems are down. A ransomware attack crippled city servers Wednesday.

www.wfaa.com

ecps92 · May 6, 2023

techman210 said:
San Bernardino Sheriff in California got hit about 2 weeks ago. Wonder if they got nailed by a third party vendor that got infected.

Lowell Mass as well

Ensnared · May 7, 2023

LMMFAO. I love it. Next, Wilco, Travis, Ft. Worth PD.

kv5e · May 8, 2023

B0ned and Pwned, all it takes is one unaware human element to make this type of attack possible. Same IT department that lost terabytes of evidentiary case data due to poor backup procedures and resulted in many felony cases getting dismissed from prosecution.

City of DalASS

hiegtx · May 12, 2023

The City of Dallas chief Information security officer has now said it may take "weeks & months" before all systems will be fully restored. DFR is still mostly manual dispatch, with many vehicle MDTs still out of service.

Ransomware full recovery could take months, Dallas officials say

Dallas information technology staff are still working with consultants and outside groups to help review and clean servers possibly impacted by ransomware...

www.dallasnews.com

Dallas municipal court system still down, some fire department devices found infected a week after ransomware attack

The municipal courts still cannot take payments in person, online or by phone. The situation’s far from normal for the police and fire departments.

www.wfaa.com

Ensnared · May 12, 2023

kv5e said:
B0ned and Pwned, all it takes is one unaware human element to make this type of attack possible. Same IT department that lost terabytes of evidentiary case data due to poor backup procedures and resulted in many felony cases getting dismissed from prosecution.

City of DalASS

Yes, I would agree, "DalAss" is a more fitting name. I needed a belly laugh this morning, thanks.

hiegtx · Jun 1, 2023

This is still a long way from being over:

"Four weeks into Dallas’ ransomware attack, the city’s communications, outreach and marketing director emailed directions to the mayor and City Council on Wednesday to share little to no details about how it’s being handled."

Full article here:

Ransomware attack: Dallas City Council told to keep quiet four weeks later

Catherine Cuellar, the city’s communications, outreach and marketing director, told elected leaders and some top administrative officials in an email...

www.dallasnews.com

The DallasNews uses a paywall, limiting the number of views that you can make with a subsription. I have found that for some paywall pages, accessing them via a "Private Window" (that's a term used by FireFox) might aloow access if you are over the limit.

hiegtx · Jun 24, 2023

Well, Fort Worth has now joined the 'hack my system' party. A number of parts of their networl ssytems have also been hacked. Dallas was hit with a ransomware attack. Apparently, at least at this time, the intrusion into Fort Worth systems doesn't seem to be in the depth where Dallas was impaired.

Data from internal information system posted online, City of Fort Worth says

City officials said the information posted online was not sensitive in nature.

www.wfaa.com

Dallas is still slowly recovering, parts of one system at a time. The public library is just now getting back up. But other departments are still affected. While city officials have claimed that most of PD & Fire have been restored, I would note that their online pages with active incidents are still offline. The Fire side simply says 'no active incidents. For the PD, you can pull up the Open Data site, but the calls displayed are from March 1st.

Dallas (city) apparently hit with a ransomware attack

Mentor

Member

Member

Active Member

Software Provider

Member

Member

Software Provider

Mentor

Mentor

Member

Member

Member

T¹ ÆS Ø

Mentor

Member

Mentor

Mentor

Similar threads