Dallas, the ninth-most populated city in the U.S., is responding and attempting to recover from a ransomware attack that shut down multiple critical systems, including websites for the police department and city hall.
The city continues to receive and dispatch emergency 911 calls, and service from police and fire remain unaffected, Dallas said in a statement issued Wednesday night.
Court was closed Wednesday and will be closed Thursday as well. “Currently less than 200 of the city’s thousands of devices are impacted, but if any city device is at risk it will be quarantined and blocked by information and technology services,” the city said in the statement.
The website for city hall forwards to a sparse landing page that reads “the city is experiencing a service outage and is working to restore services.” The page includes a link to the city’s Twitter account for up-to-date information, but there’s no mention of the attack or outage on Twitter as of Thursday morning.
The city’s monitoring tools alerted the security operations center to a likely ransomware attack on Wednesday morning. “Subsequently, the city has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department website,” the city said in a statement.
Websites for the city and the Dallas Police Department, which serves a population of nearly 1.3 million people, currently returns a 503 error page.
“The city team, along with its vendors are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers and to restore any services currently impacted,” the spokesperson said.
Emsisoft threat analyst Brett Callow shared a screenshot indicating the Royal ransomware group claimed responsibility for the attack. The FBI and Cybersecurity and Infrastructure Security Agency issued an advisory about the threat actor in March.
At least 29 local U.S. governments have been impacted by ransomware attacks this year, and data was stolen in at least 16 of those cases, according to Callow.
“Dallas may be the largest city to have had a ransomware incident that has become knowledge,” Callow told Cybersecurity Dive via email. “The fact that police systems have been impacted is a concern, as it raises the question of whether data was exfiltrated from those systems. That could potentially impact investigations and prosecutions or even put lives at risk.”