Dallas city government confirms ransomware attack affecting police and other services

The city of Dallas confirmed on Wednesday that it is dealing with a ransomware attack that has affected numerous IT systems and shut down the website of the police department.

In a statement, the city told Recorded Future News that the city’s security monitoring tools notified their security operations center Wednesday morning that “a likely ransomware attack had been launched within our environment.”

“Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website,” a spokesperson said.

“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. The Mayor and City Council was notified of the incident pursuant to the City’s Incident Response Plan (IRP).”

The spokesperson added that the city is currently working to assess the impact, but said that the attack only had a “limited” effect on the delivery of city services. Both 911 and 311 are still operating, they said.

A spokesperson for the Dallas Police Department (DPD) also confirmed that they are being affected by the ransomware attack. The police department website is currently down, but the spokesperson would not say whether other police systems are still operating.

CBS News reported that the cyberattack “is impacting DPD's computer assisted dispatch system, called CAD, which directs police to emergencies and other calls.”

Operators can still take emergency calls but they have to write down information by hand and relay it to officers through their phones and radios, CBS News reported.

The city's court systems were also affected by the attack. Government workers said after the ransomware attack began, their office printers began to print the following message suggesting that the Royal ransomware group was behind the incident.

The Texas Department of Information Resources, which typically helps government agencies in the state respond to incidents, declined to comment on what resources are being provided to the city’s government.

The ransomware attack on Dallas – a city of 1.3 million people – is just the latest cyberattack affecting a major U.S. city. Just weeks ago, the City of Oakland was severely damaged by a wide-ranging ransomware attack that hampered city services for weeks and leaked troves of sensitive data about city residents and government officials onto the internet.

Ransomware attacks on cities as large as Oakland have become rarer in recent years as governments step up their cybersecurity protections and groups target smaller governments with less resources. New Orleans, Atlanta and Baltimore dealt with major attacks in 2018 and 2019. Tulsa also reported an attack by the Conti ransomware group in 2021.

Atlanta was forced to spend more than $9.5 million recovering from the incident and Baltimore reportedly spent $19 million dealing with their attack.

Updated 5/4/2023 at 3:02 pm to include details about printed messages suggesting the attack was launched by the Royal ransomware group.