Dallas courts, fire and police networks still crippled from ransomware incident
All municipal courts in Dallas will be closed on Monday due to a ransomware attack that was announced last week.
Despite statements from city officials claiming the recovery effort was slowly progressing, the fire and police departments told local news outlets they are facing massive issues as a result of the attack.
In a statement on Sunday, the city said staff and vendors worked “throughout this weekend to ensure progress toward service restoration” after the city confirmed on Wednesday that its systems had been hit by ransomware.
The Royal ransomware gang took credit for the attack, pushing out its ransom note through government printers throughout the week.
“As of Saturday, May 6, steady, measured progress continues with minimal service disruption. We are confident we have contained the source of the infection and not seen any new spread,” the city said.
Cybersecurity vendor CrowdStrike “continues to ensure that any City devices blocked and quarantined to prevent or contain the spread of the virus are clean before they are back in service,” the city said. “Microsoft continues work toward restoration of departmental web pages from backups, but the demand of so much activity on available systems is challenging capacity.”
The statement adds that officials have prioritized the restoration of the city’s Computer Aided Dispatch, one of the systems that underpins the 911 and 311 services.
They are also prioritizing public-facing services like government websites as well as systems for payment and permits.
Jim McDade, president of the Dallas Fire Fighters Association, told the Dallas Morning News that firefighters and police officers were running into several issues because dispatchers had to write down information by hand and relay it over radio networks, which were becoming overwhelmed with the number of calls.
McDade said firefighters typically received detailed information about a situation but were now going into emergency calls blind, only getting an address.
“Is it a mess? Yes. Is it potentially bad? Very,” McDade said. “If you ask just a regular firefighter out there, he just knows that dispatch is down. There’s also no way to communicate with everybody.”
Some calls are slipping through the cracks or being missed, while ambulances are being sent to the wrong location and younger officers are having to learn how things were run before systems were digitized starting in 2005.
Information vacuum?
In addition to the ransomware attack, Dallas police had a role in responding to the mass shooting in Allen,Texas, on Saturday that drew national attention. The suspect, 33-year-old Mauricio Garcia, lived in Dallas, and investigators spent much of Saturday searching his home.
Local TV news outlet WFAA noted that Dallas officers had difficulty in accessing information about any prior police calls to the home because computers are still down after the ransomware attack.
The Dallas Police Women’s Association criticized the city on Twitter Friday night, writing that they “have had no guidance, have been given no backup plan, and almost no information on what to expect as of now, three days later.”
“Thank goodness for the leadership of the unnamed few that came up with a few workarounds. This is a serious issue for officer safety in patrol. We are flying blind out there,” they wrote.
“It’s also a serious data breach incident. We have not heard a whisper from the chief of police, the mayor, or the city manager. This should be unacceptable, but here we are. The citizens of Dallas deserve better. The employees of Dallas deserve better. The first responders of Dallas, who put their lives on the line, absolutely deserve better. This should have never even happened. But for God’s sake- say SOMETHING.”
City officials did not respond to requests for comment about what police and fire officials said, but claimed on Saturday that both 911 and 311 calls are being answered and “being timely dispatched by radio.”
While other government services like water utilities and libraries are still operational, all are facing issues when it comes to bill paying and digital systems. The city has created temporary websites for permit requests but any services requiring computers has been limited by the ransomware attack.
“Please note, no one from the City of Dallas will reach out to members of the public to ask for payment in person or by phone. Never give out your password or payment information by phone or through an email link,” the city said, urging people to download a special app “to protect against cyber threats.”
“If you are contacted by someone seeking payment who claims to be from a City of Dallas department, please take note of the number they are calling from and the number they reached you on, then hang up and call the City of Dallas department they claim to be from to report this potential impersonation.”
City Manager T.C. Broadnax added that for the departments affected, emergency plans prepared and practiced in advance “are paying off” and that he is “optimistic that the risk is contained.”
The city initially claimed that “less than 200 of the city’s thousands of devices are impacted” but did not respond to requests for comment about whether that assessment was still accurate.
Incidents in Oregon and South Carolina
Dallas was far from the only municipality dealing with a ransomware incident.
Oregon’s Curry County – which has a population of about 23,000 – announced on Friday that it was also attacked by the Royal ransomware gang last week.
County officials said they began to experience issues on Wednesday April 26 before discovering that the server network was inaccessible, affecting all county departments. Cybersecurity firms were hired to help with the response and federal agencies were notified.
“County telephone service is uninterrupted, but email communications are not available at this time. The response team will be working around the clock to restore operations. At this time, we cannot estimate when full access and services will be restored,” county officials said.
“The County is prioritizing service returns to public safety and public-facing departments. No part of the vote counting process or the integrity of the upcoming election has been impacted by this incident.”
South Carolina’s Spartanburg County announced its own ransomware attack two weeks ago. It's is still causing issues for local officials.
The real estate industry has been severely damaged by the attack due to its reliance on the Register of Deeds department, which has been offline since the attack began. Title searches and submissions have ground to a halt due to the attack.
“We can’t turn anything else in which means we’re not making any money, which means the attorney can’t close the loans of the people waiting to purchase their dream home,” one attorney told local news outlet WYFF.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.