Dallas, still recovering from ransomware attack, marks milestone with return of courts

Several city services in Dallas have been reinstated since a ransomware attack took down several agencies on May 3, but the pace of progress highlights how devastating the incident has been.

Dallas Municipal Courts reopened on Tuesday but trials and jury duty will resume at a later date. Documents can be requested and payments can be processed online, and administrative hearings for parking violations have resumed. Other kinds of court hearings resumed on Thursday.

The Texas city has slowly restored much of its network since the Royal ransomware gang took credit for the attack and caused significant damage to systems used by police, the fire department, courts, critical infrastructure and more.

Police officers have been forced to take handwritten notes, while firefighters said they are walking into dangerous situations blind without the typical information digitally relayed from dispatchers.

A city spokeswoman told Recorded Future News that the Dallas Central Appraisal District — which manages property taxes — is back online alongside the city’s records management system and jail intake platforms.

“Personnel applications, along with our evidence retrieval system, are also back online. ITS continues to work to get all servers back online, along with department share drives,” the spokeswoman said.

The city’s representatives added that teams of experts are working day and night to make sure every arm of the local government is fully recovered.

Dallas Public Library workers still have to manually track the availability of borrowed books while the city’s reservation system remains online. Patrons can still borrow books and other items but have been instructed not to return anything until the system is restored.

A city spokesperson said officials have focused their restoration efforts on public safety and public-facing services in an effort to minimize the attack’s impact on the city and its residents.

“We continue to work with our cybersecurity experts on additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset across all user accounts, expediting the implementation of additional controls, and completely rebuilding impacted systems in a new, secure environment,” the spokesperson said.

“We appreciate our community’s patience as we continue investigating and addressing this matter.”

For weeks, the city struggled with providing basic services like the issuance of birth and death records and more.

The city denied last week that there is evidence of a data leak despite the ransomware group’s wide access to the city’s network. But officials said they are monitoring the Royal ransomware gang’s posts to see if data will be released.

But in official statements published on its temporary website, the city did not rule out paying a ransom, writing that it is “exploring all options to remediate this incident.”

The city said it may take weeks to fully recover from the incident and faced some backlash from police officers, firefighters and emergency service workers who initially disputed claims that communication systems for emergencies had been restored.

The ransomware incident in Dallas — a city of 1.3 million people — is just the latest cyberattack affecting a major U.S. municipal government. Just weeks ago, the City of Oakland's networks were severely damaged by a wide-ranging ransomware attack that hampered city services for weeks and leaked troves of sensitive data about city residents and government officials onto the internet.

Since the attack on Dallas, several other municipalities have faced their own ransomware attacks, including the 200,000-resident city of Augusta, Georgia.