Dallas

Dallas Ransomware Attack Contained, But Ongoing; Police, Fire Service Uninterrupted

History of Dallas IT problems may have been obvious to hackers

NBC Universal, Inc.

Dallas officials said Thursday they are working to limit the effects of a "ransomware attack" affecting some city-run websites and services, but that police and fire service to residents is unaffected.

The 911 call center was without computer dispatch. Call takers, police and firefighters had to use paper. National Black Police Association Dallas Chapter President Sheldon Smith said it was a return to old-school policing.

"It is an inconvenience because we’ve become reliant on computerized systems but we’ve got to make it work," Smith said. "It does not mean we stop serving the citizens of Dallas. We have to continue to do that."

The city said security monitoring tools alerted the Security Operations Center that an attack had been launched and they confirmed that a number of servers had been compromised with ransomware, impacting several departments.

City officials said Thursday a group called Royal initiated the attack and Dallas Chief Information Officer Bill Zielinski is expected to brief the Public Safety Committee on the attack on Monday.

Information Technology problems have been well publicized in Dallas in recent years. Building permits have been severely delayed by outdated software and computers. Police had repeated issues with data handling.

Alex Heid with the website SecurityScorecard.com said his organization grades the City of Dallas with a "D," but that is not unusual for cities.

"The IT departments will be underfunded and overworked and there are a lot of legacy systems that are exposed to the internet and the City of Dallas is no exception," he said.

Heid said hackers pay attention to the ongoing happenings within their targets.

The City of Dallas says it is working to mitigate the effects of a "likely ransomware attack" affecting some city-run websites.

"Whether or not the payment was made is oftentimes not disclosed, but I would imagine there is a heated discussion going on right now," he said.

Dallas Chief of Police Eddie Garcia issued a statement Thursday afternoon saying while police response and police services continue as usual, department operations have been significantly impacted by the outage.

"We want to ensure the public even with these internal difficulties, police response continues across the city," Garcia said. "Regardless of the uphill battles, our men and women will always answer calls for service. Public safety remains our top priority."

Garcia said the department's computer-assisted dispatch and field-based reporting system were down and tasks were being performed manually until the applications could be brought back online. The department's website continued to be down along with internal share drives and other internal personnel applications.

City Manager TC Broadnax said in a statement Thursday the attack was detected Wednesday morning and that since that time employees have worked hard to contain the issue and ensure continued services to residents.

"While the source of the outage is still under investigation, I am optimistic that the risk is contained," said Broadnax. "For those departments affected, emergency plans prepared and practiced in advance are paying off. We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed. For updates, please keep an eye on dallascitynews.net."

Smith said officers were doing their part to keep serving citizens.

"When things get bad we stand up, and that’s the expectation from the citizens, and that’s what the Dallas Police Department does," Smith said.

The city released the following list of system updates at about 4:30 p.m. Thursday as they worked to contain the outage and restore service.

DALLAS RANSOMWARE ATTACK SERVICE UPDATES

  • ITS isolated the issue and is gradually restoring service prioritizing public safety and resident-facing departments.
  • DPD and DFR service continues as usual.
  • 311 and 911 calls continue to be received and dispatched.
  • Dallas Water Utilities is unable to process payments. Disconnections will be discontinued until the outage is resolved.
  • Vital Statistics is issuing records with limited capacity. Some records may be unavailable, especially from prior to 2005. Residents may contact Vital Records at 214-670-3092.
  • Women, Infants & Children (WIC) is maintaining normal operations at all clinics and is able to issue benefits.
  • Courts remain closed and cases will be reset; jurors do not need to report for service and notices will be sent by mail.
  • Code Compliance Services response to service requests may be delayed. Code is currently unable to process Single-Family and Multi-Tenant registrations. Garage sale permits can be issued in person only at 3112 Canton St.
  • Dallas Animal Services is responding to injury and emergency requests and non-emergency response is delayed. DAS is handling adoptions, fosters, rescue and return to owners on a case-by-case basis at 1818 N. Westmoreland Rd. during regular business hours.
  • For Office of Special Events permits please use the following links to login and create an application:
    Special Event, Commercial Promoter, and Fair Park Parking License Application
    Street Pole Banner Application
    Commercial Filming
    Neighborhood Market
  • City Secretary’s Office Open Records Requests will be delayed.
  • Development Services, Permitting, Public Works, and Zoning applications and payments cannot be received, and permits cannot be issued.
This is the message that appears when you try to visit the Dallas Police Department's website.

The Dallas City Hall website also showed an "internal server error" message.

Dallas Fire-Rescue told NBC 5 that dispatch operations have been run manually since early Wednesday morning.

Work is being done to isolate the ransomware, prevent its spread, remove it from infected servers and restore any services impacted.

"We are heartened to know that the newly implemented systems helped to identify and assist in containing the attack and our plans and procedures are being used to address this critical incident," said Dallas City Council Member Cara Mendelsohn in a statement. "Our vendors are on-site to assist IT management and staff in restoring functionality as soon as possible. We are encouraged the attack was limited due to newly implemented tools, but seems to have focused on public safety and servers that have impacted 311 primarily. Continued investment and updates to our IT department are needed to continue securing City of Dallas resident data and essential city records."

The city said the impact on residents is limited. If any residents have an issue with a city service they should contact 311 and for emergencies call 911.

The City of Dallas says it is working to mitigate the effects of a "likely ransomware attack" affecting some city-run websites.

RANSOMWARE ATTACKS PROVING TOUGHER TO DEFEND

Cybersecurity expert Dr. Bhavani Thuraisingham said attackers are getting smarter and it’s becoming more difficult to stay a step ahead.

“All it takes is for the attacker or hacker to get into one machine. Once they get into one machine, they can infiltrate the whole network,” said Thuraisingham.

Thuraisingham works with psychologists to uncover what cyber attackers get out of causing such distraction and disorder. Part of it is the thrill.

“These hackers, they want to get more and more publicity,” she said. “There are also monetary reasons with ransomware. So, it’s both.”

Thuraisingham said good cyber hygiene practices, like complex passwords, system backups, and the use of encryption are a must.

“We have to figure out what our vulnerabilities are so that this type of attack does not happen again,” she said.

RESTORATION COULD TAKE TIME, LABORIOUS PROCESS

Matthew Yarbrough is an attorney with Michelman & Robinson, LLP. He specializes in cyber security and data privacy. He’s familiar with Royal – the organization suspected of the attack.

“Royal has been out there as one of the premier ransomware attack and threat actors, not just in the United States and Texas, but around the world,” Yarbrough said.

He’s been in situation rooms with organizations desperately working to restore systems after being compromised.

“You’re trying to stop the bleeding and you’re trying to stop the spread of malware to other systems,” he said. “Everyone is barking, yelling, trying to cut this system down. Trying to pull the system offline.”

Yarbrough said municipalities are especially vulnerable because, unlike many Fortune 500 companies, they don’t often have the latest or greatest technology. For an attack like this, he said there’s simply no quick fix.

“You have to isolate those devices and those servers and then begin to rebuild them, and that can be very laborious,” he said. “What that means is it’s going to be taking days, weeks. I’ve seen some organizations where it could take months to rebuild their systems back.”

Councilwoman Cara Mendelsohn tweeted Thursday, thanking the city’s contracted partners and IT staff. She said the Public Safety committee expects a report on the Matter next Monday.

The organization suspected to be behind the cyber attack on the City of Dallas computer systems this week is known to prey on systems in the U.S. and around the world.
Contact Us