Skip to main content

Dallas emergency services systems knocked offline in Royal ransomware attack

By May 4, 2023May 5th, 2023Press Releases

The City of Dallas, Texas, has been struck by a ransomware attack that knocked essential services offline, including emergency services systems.

The ransomware attack, attributed to the Royal ransomware group, struck the city on Wednesday morning, with local reports suggesting that the city was still struggling to respond to the attack today.  The attack knocked offline city websites and services, but notable among them was the city’s 911 dispatch service, causing both local police and firefighters to revert to manual dispatching.

Other systems affected include those dealing with jail intakes and offense reports. The city’s court system was also knocked offline, causing jury trials to be canceled until further notice.

City Manager T.C. Broadnax said in a statement that departments that had been affected had implemented emergency plans that had been prepared and practiced in advance of the ransomware attack. The city ticked off the usual ransomware response list: hiring third-party cybersecurity experts and informing the U.S. Federal Bureau of Investigation.

Confirmation that the Royal ransomware group came from the city, with CBSNews sharing a copy of the ransomware note. The rambling note claims, among things, that the attack was likely caused by the city not spending enough money on cybersecurity and that data had been encrypted on the city’s network. No amount for a ransom payment was included. The note instead offered a “unique deal” for a “modesty royalty” for the files to be decrypted and kept confidential.

Royal first emerged in 2022 and gained momentum through the middle of the year, deploying various tactics, techniques and procedures to attack multiple global organizations. As noted in a report from Cybereason Inc. in December, the group’s members are suspected of being former members of other ransomware groups based on similarities between Royal and other ransomware operators.

Kendall Larsen, president and chief executive officer of internet security software company VirnetX Holding Corp., told SiliconANGLE that the “attack in Dallas is particularly concerning because it affects local police and underscores the fact that ransomware gangs are willing to put public safety at risk to ensure their ransom demands are met.”

Christine Gadsby, vice president of product security at security firm BlackBerry Ltd, noted that the “incident underscores the fact that cybercrime puts every organization, government, and critical infrastructure at risk.”

“Responding to incidents like this with transparency and establishing information-sharing protocols will give governments and organizations the best chance of protecting themselves against ransomware threats and void the high costs of downtime and ransomware payments,” Gadsby added. “The more we collectively understand about the nature of individual attacks, the better we can identify patterns and profile threat actors.”