Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

City of Dallas systems taken offline by ransomware attack

The American city of Dallas has confirmed its government systems fell victim to Royal ransomware attack this week, taking some networks offline.

user icon David Hollingworth
Fri, 05 May 2023
City of Dallas systems taken offline by ransomware attack
expand image

One of the first indicators of the attack occurred when printers connected to government networks across the city started printing out ransom notes.

“If you are reading this, it means your system were [sic] hit by Royal…” the note opened, with text poorly formatted to fit the page. The note gives contact details to begin negotiations.

The note then pointed out that “your critical data was not only encrypted but also copied”. Threats to publish the data online followed, noting that “even your employees will be able to see your internal documentation”. The note then said that “for a modest royalty”, the data can be decrypted and restored.

============
============

The note was posted on Twitter by Emisoft threat analyst Brett Callow.

While the initial attack took place on Wednesday (3 May), some government systems remain offline as city officials attempt to mitigate the attack.

“Subsequently, the city has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department website,” the city of Dallas’ official statement read. “The city team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted.”

“The city is currently working to assess the complete impact, but at this time, the impact on the delivery of city services to its residents is limited.”

City officials have said that essential services, such as fire and rescue and police services, are unaffected.

The Royal ransomware group began to make headlines in September 2022 with a number of high-profile attacks but could well have been in operation since January of the same year. The FBI and CISA released a joint advisory about the group’s activities, and even the US Department of Health and Human Services called out the group for its attacks on healthcare organisations.

Earlier in 2023, Royal even used the same printer trick when it compromised systems at the University of Queensland.

“In my case, it printed out until there was no more paper in my printer,” said the university’s vice-chancellor Professor Margaret Sheil after the incident.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.