x
Breaking News
More () »

Dallas municipal court system still down, some fire department devices found infected a week after ransomware attack

The municipal courts still cannot take payments in person, online or by phone. The situation’s far from normal for the police and fire departments.

DALLAS — The city of Dallas continues to dig its way back to normal after reporting eight days ago that it’d been hit by a crippling ransomware attack.

In the immediate aftermath, the attack forced the city to take offline the police and fire department’s computer-aided dispatch system, the police department’s website and the city’s website. The city also closed its municipal court’s system. The city’s development services, public works, permitting and zoning couldn’t take applications or payments, nor could permits be issued.

“Unfortunately, mistakes have been made,” said Jim McDade, president of the Dallas Fire Fighters Association. “Some people have had difficulty getting in through 911, getting their calls answered in a timely manner, and then getting the proper equipment dispatched to them to take care of their emergencies. It's impossible to know exactly how many mistakes were made.”

As of now, the computer-aided dispatch system is partially back online. The websites have been restored. Development services can accept payments, issue permits and receive plans electronically.

The municipal courts still cannot take payments in person, online or by phone, according to the court’s website. It also says there are “no court hearings, trials or jury duty until further notice.”

The situation’s far from normal for the police and fire departments.

Officers continue to handwrite reports. They still can’t use their in-car computers to check license plates or check for warrants, and instead they have to rely on dispatchers to do it for them.

“If you're running a tag on a car, there may be a five or 10-minute delay,” said Sgt. Sheldon Smith, chapter president of National Black Police Association. 

“If you run a person, you get that same type delay. Nothing is coming fast. Nothing," he said. 

The servers for the police department’s records management system and field-based reporting system, which officers use to write their reports, are being be rebuilt, according to an email obtained by WFAA. 

“Today, we're working like it's 1965 but it's 2023,” Smith said. “Officers have to adapt and overcome. But we don't have the full technology capabilities that we had three weeks ago, a month ago.”

When the dispatch system went offline, it also meant the system that automatically made sure that the closest station was dispatched wasn’t working. Suddenly, dispatchers dug out maps to figure which station was closest.  

That part of the dispatch system is now back online, McDade said. But calls are still being dispatched through the computer, over the radio and even by phone at times, McDade said.

“It's 100% creating delays,” McDade said.  

Technicians are painstakingly checking every computer. As of Wednesday afternoon, for example, about 30 fire department devices had been found to be infected with the virus, so now they’re having to be wiped and reimaged. 

“It's a long painful process and there is no quick fix,” said said Brett Callow, a threat analyst with cybersecurity firm Emsisoft.

A hacking group called “Royal” previously claimed responsibility for the attack.

Callow told WFAA that the hacking group’s negotiation site, where they try to exhort victims, remains online. But he says the site where they put their leak materials has been taken down. He said that’s an indication they may be about to fold and rebrand themselves under a new name as has happened in other high-profile cases.

“The people involved with ransomware operations don't necessarily like high profile attacks,” Callow said. “It's going to attract law enforcement attention on them. My guess is that Royal as a brand is going to end after the Dallas incident and the hackers will start a new venture.”

City officials also said in a news release Wednesday that "at this time, it does not appear any personal data of employees or residents has been leaked."

Callow said based the size and scope of the attack, it’s highly likely that personal data was, in fact, compromised.

“If I was a resident of Dallas, I would be concerned that the hackers have whatever information the city holds about me,” he said.

Before You Leave, Check This Out