DALLAS — The city of Dallas suffered a ransomware attack Wednesday which interrupted its computer-based emergency dispatch, the court system, the Dallas Police Department website, and the city's own website.
Thursday morning, the city identified the source of the attack, saying a group called "Royal" is responsible.
The city's information technology department is working "around the clock" to contain the outage and restore service, prioritizing the city's public safety and public-facing departments.
The city said services to residents continued "with minimal disruption."
The 911 system was not impacted.
As of 4:30 p.m. Thursday, here are the service updates:
- 911 calls continue to be received and dispatched.
- 311 calls are being answered but non-emergency service requests may be delayed.
- Courts are closed and livechat is inaccessible. All cases will be reset; jurors do not need to report for service and notices will be sent by mail.
- CSO – Saturday’s election is unaffected; Dallas County will share official information including results. Meeting notices are being posted and meetings may be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, and Spectrum channels 16 & 95 and AT&T U-verse at 99. Contracts may be delayed. Open records requests will be delayed.
- Dallas Public Library All branches are open and in-person checkouts continue; online materials are currently unavailable.
- DWU (water bills) Billing is unaffected; meter reading will be delayed. Only IVR can take credit card payments. Disconnections will be discontinued until the outage is resolved.
- DPD/DFW Service continues as usual.
- Dallas Animal Services is responding to emergency and injury requests but non-emergency response is delayed. Adoptions, fosters, rescue and return to owners are being handled on a case-by-case basis during regular business hours at 1818 N. Westmoreland Road.
- Development Services, Public Works, Permitting and Zoning applications and payments can't be received, permits can't be issued.
- Office of Special Events Permits can be applied for at the following links:
Special Event permit application
Neighborhood Market
Streetlight pole banner application
Commercial Filming - Women, Infants & Children - All clinics are maintaining normal operations and benefits are able to be issued.
- Code Compliance Services - Service request responses may be delayed. CCS is unable to process single-family and multi-tenant registrations at this time. Garage sale permits can only be issued in person at 3112 Canton St.
- Vital Statistics - Some records may be unavailable, particularly if they are from before 2005. Records are being issued with limited capacity. Vital Records can be called at 214-670-3092.
In a statement to WFAA, Dallas Police Department chief Eddie Garcia said police operations "have been significantly impacted by the outage."
"We want to ensure the public, even with these internal difficulties, police response continues across the city," Garcia continued. "Regardless of the uphill battles, our men and women will always answer calls for service."
Department workers are currently trying to bring the computer assisted dispatch system back online, Garcia said. Without the technology, dispatchers must take handwritten notes during 911 calls and relay information to officers in the field via radio.
National Black Police Association Dallas Chapter President Sgt. Sheldon Smith likened the process to a game of telephone. He warned that some details about location, for example, could be lost as information travels from person to person.
"Accuracy is very important now," Smith said. "Going to the wrong place at a critical time can be bad for whomever is calling for help."
Smith warned it could take police longer to respond to emergencies because some communication systems they rely on are inoperable. But Smith noted Dallas police worked for decades without similar technology.
"We know how to do it," he said. "But there are some that have never seen this."
In a March report, the FBI warned the Royal syndicate is targeting critical infrastructure with ransomware attacks.
Federal authorities found that Royal actors used phishing schemes to gain initial access to victims' networks in nearly 70% of prior incidents. Such an attack requires an unsuspecting person to click a bogus link, opening a cyber door for intruders.
It's not clear whether Royal used a phishing attack to gain access to Dallas's network, though.
"You could have the most secure environment with everything done right and in control, but if the right person clicks on the wrong thing, (criminals) could have access to anything they want," said Phillip Wylie, security solutions specialist for cyber firm CYE.
Whether Royal actors have access to sensitive information largely depends on how they broke into Dallas's server, Wylie said.
"It could be very deep," he said. "If they were able to compromise someone that's an administrator and come in that way, they've got access to anything they want."
In March, federal authorities also warned that Royal has a reputation for extortion. The group may threaten to release or sell stolen information if victims do not pay.
City officials have not explained whether the criminals obtained or downloaded sensitive information, or simply encrypted data to hold for ransom.
The city's security monitoring tools detected the ransomware attack early Wednesday morning, the city said in a message sent to councilmembers at about 9 a.m.
The text read, "a number of servers have been compromised with ransomware impacting several functional areas."
The city made the news public in a statement a few hours later.
Bhavani Thuraisingham, professor of computer science at The University of Texas at Dallas and founder of the Cyber Security Research and Education institute, said a ransomware attack likely means hackers got into the city's network, encrypted city data, and are asking for the city to pay to regain access to the data
She said news of an attack on a city worried her because of the potential crippling of emergency services.
On Wednesday, the city of Dallas did not answer any questions and instead pointed to statements posted to its city news website.
So it's not clear if the hackers made any demands of the city.
"I’d rather not pay the ransom," Thuraisingham said. "But in some cases you cannot avoid it. It depends on how prepared they were and whether they had backed up all the data and files they need."
She said hackers are getting bolder, leaving everyone vulnerable.
"All it takes is for the attacker to get into the machine of one person, and if you’re on a network it can spread to everyone on the network," Thuraisingham said.
Thursday morning, Dallas City Manager T.C. Broadnax released the following statement:
"Since City of Dallas’ Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents. While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off. We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed. For updates, please keep an eye on dallascitynews.net."
The city had a previous outage on April 19, which caused a city council meeting that day to be canceled and rescheduled. The outage affected most city departments, including 311 and water utilities.
Dallas police had their own issues last year when a loss of data occurred, causing more than 8 million records to be deleted.