Dallas is reeling from a ransomware attack just as early voting is slated to begin for a municipal general election that will determine the mayorship and council district representatives. The election, which is slated for Saturday, is unaffected by the attack, the city secretary’s office said in the statement.
“Since City of Dallas’ information and technology services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents,” Dallas City Manager T.C. Broadnax said in a statement.
“While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off,” Broadnax said.
The city on Thursday said it isolated the ransomware attack and is gradually recovering services.
Multiple city services are impacted. Courts remain closed, the city’s water utilities division is unable to process payments, permits cannot be issued, and the city is unable to receive applications for public works and zoning.
Dallas Police Chief Eddie Garcia on Thursday said police operations have been significantly impacted by the outage.
The department’s computer-assisted dispatch and field based reporting systems, internal shared drives and internal applications for personnel matters have been impacted, Garcia said in a statement. These functions are being performed manually while systems remain nonoperational.
Fire and police response remain unaffected, the city said in a statement that was last updated on Thursday afternoon. Dallas continues to receive and dispatch 911 emergency calls.
Websites for the city and the Dallas Police Department, which serves a population of nearly 1.3 million people, are still offline.
Who's to blame
The city pinned responsibility for the attack on the Royal ransomware group, a prolific threat actor that was the subject of a joint advisory issued by the FBI and Cybersecurity and Infrastructure Security Agency in March.
The attack marks the second ransomware attack linked to the Royal ransomware group in the Dallas metropolitan area in as many weeks. Royal claimed responsibility for an attack against the Lake Dallas Independent School District and listed the district on its leak site April 18, according to Emsisoft Threat Analyst Brett Callow.
Dallas is the ninth-most populated city in the U.S. and may be the largest city hit by a ransomware attack to date, Callow said.
Royal has yet to list Dallas on its leak site, according to Callow. Threat actors typically use this tactic to increase leverage by imposing a deadline and making threats to leak potentially sensitive data.