Dallas says it 'will likely take weeks to get back to full functionality' after ransomware attack

It will likely take weeks for government systems in the city of Dallas to operate normally following a ransomware attack, officials said on Friday afternoon.

For the last two weeks, the city has been engulfed in a massive recovery effort after the Royal ransomware gang caused significant damage to systems that manage the city’s police, fire department, courts, critical infrastructure and more.

Police officers have been forced to take handwritten notes, while firefighters said they are walking into dangerous situations blind without the typical information digitally relayed from dispatchers.

After significant backlash from police unions and others, the city made progress throughout last week in restoring some dispatch systems for police and firefighters. Sgt. Sheldon Smith told WFAA that there are still five- to 10-minute delays when they try to run the tags on a car or a license.

“Today, we're working like it's 1965 but it's 2023,” Smith said. “Officers have to adapt and overcome. But we don't have the full technology capabilities that we had three weeks ago, a month ago.”

Smith noted that the police are in the process of rebuilding their records system.

While city experts have made progress in restoring some systems over the last several days, officials said it will take weeks until everything returns to normal. Brian Gardner, the city’s chief information security officer, told The Dallas Morning News that they will “be working at this for weeks and months to do all the clean up.”

“There is still no indication data from residents, vendors or employees has been leaked. Given the complexity of checking, cleaning, and restoring interoperability to remaining departmental devices, systems and applications, it will likely take weeks to get back to full functionality,” the city said in a statement on Friday.

“If there is new restoration of a currently unavailable public-facing service, we will advise immediately. ITS will continue to work through the weekend.”

The ransomware incident in Dallas — a city of 1.3 million people — is just the latest cyberattack affecting a major U.S. municipal government. Just weeks ago, the City of Oakland was severely damaged by a wide-ranging ransomware attack that hampered city services for weeks and leaked troves of sensitive data about city residents and government officials onto the internet.

Officials said Dallas “is exploring all options to remediate this incident” but could not comment on “specific details which risk impeding the investigation or exposing vulnerabilities that can be exploited by an attacker.”

“911 calls continue to be entered into the Computer Assisted Dispatch (CAD) system. Dallas Police Department has been dispatching automatically since Monday and each day gains computer functionality with less reliance on paper backups,” the city said May 10. “22 Dallas Fire Rescue stations’ rescues and apparatus [ambulances and trucks] have been cleaned and partial resumption of automatic dispatch at cleaned locations is expected today.”

All court hearings, trials and payments are still disrupted by the ransomware attack and little indication has been given on when those services will return.

Dallas Water Utilities payment systems and meter reading software were back online by Thursday and the city controller was finally able to print checks to vendors so that payroll was not affected.

Public computers at libraries are also still down but WiFi is available to visitors. Materials can be checked out manually but books cannot be returned yet. The city government’s website and the website for the police department are back up and running.

Both Microsoft and CrowdStrike have assisted in the recovery effort alongside several Texas state agencies and the FBI.