- Most of Dallas’ network and IT infrastructure has been restored following a ransomware attack in early May that took most of the city’s services offline and disrupted operations, the city said Monday.
- “Our staff has worked tirelessly to restore and rebuild systems and return all systems to full functionality as quickly and securely as possible,” the city said Monday in a statement. “At this time, we are more than 90% restored, with most public-facing services restored.”
- Dallas previously cautioned full functionality would take weeks and some services are still non-operational. The city’s municipal court reopened May 30, but trials and jury duty remain canceled until further notice and library staff are still tracking item availability manually.
Widespread outages across the city of almost 1.3 million people, the ninth-most populated city in the U.S., exemplified the persistent cyberthreats confronting municipalities.
Ransomware groups have attacked at least 34 local governments in the U.S. this year and nearly three-fifths are known to have data stolen during the attacks, according to Brett Callow, threat analyst at Emsisoft.
Royal, the threat actor responsible for the attack against Dallas, previously threatened to leak sensitive data if the city doesn’t pay the ransom. A follow through on that threat remains uncorroborated more than two weeks after Royal listed the city on its leak site.
City officials said they upgraded software and functionality at multiple departments during the ongoing recovery and workarounds remain in place as restoration efforts progress. Security operations and tools are also getting a refresh.
“We continue to work with our cybersecurity experts on additional steps to further enhance our security posture,” Dallas said in a statement. This includes the provisioning of additional cybersecurity software and controls, and a systemwide reset of all user accounts.
Impacted systems have also been completely rebuilt in a “new, secure environment,” city officials said.