Dallas County ‘interrupted’ data exfiltration, prevented encryption after attack

Dallas County provided an update on the ransomware attack that was reported this week, telling residents that they were able to stop the incident before the hackers could encrypt files or systems.

On Monday, the county of nearly 3 million residents confirmed it was dealing with a cybersecurity incident after the Play ransomware gang claimed it breached their systems this weekend.

On Tuesday evening, the county released a follow-up statement providing more details about the incident. “Due to our containment measures, Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems,” they said.

“It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems.”

They attributed their defensive success to the deployment of endpoint detection and response (EDR) tools, forced password changes, multi-factor authentication and more.

They did not explain how the hackers initially got into their systems but said “there is no evidence of ongoing threat actor activity in our environment.”

“Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County's systems are secure for use,” they said, adding that the initial attack only affected a portion of their network.

The county hired an unnamed cybersecurity company to assist in their remediation efforts after the attack was discovered — the investigation is ongoing.

Counties have faced a barrage of attacks in 2023 as ransomware gangs focus their efforts on government bodies with the least amount of protections.

Ransomware gangs have caused significant issues to county government systems in Delaware, California, South Carolina, New Jersey, Oregon, Florida, Ohio, Wisconsin, Mississippi, West Virginia, Georgia, and Missouri.

Earlier this year, a major county in New York outlined the months-long devastation caused by a 2021 ransomware attack, explaining that police departments, tax offices and even basic government functions were hampered by the incident.

The Play ransomware gang has continued its streak of high-profile attacks this year. The group caused outrage with its attack on the city of Oakland, which is still dealing with the ramifications of its February attack.

The Swiss government warned in June that the hackers stole data on citizens after an attack on one of their IT providers.

The ransomware gang first emerged in July 2022, targeting government entities in Latin America, according to Trend Micro, and has also attacked the Massachusetts city of Lowell and Belgium's Antwerp as well as several companies across Europe.