Dallas city sites still down after cyberattack

Several city services, including the municipal courts and the library catalog, remain offline after a ransomware attack on Dallas servers.

Driving the news: City officials have said it could take weeks before all systems are fully restored after the cyberattack on May 3.

• Calls to 911 and 311 have been handled through backup systems.

Why it matters: Ransomware attacks have become endemic, transitioning from a nuisance to a persistent threat to government agencies and businesses.

• The Dallas Central Appraisal District paid $170,000 after a similar attack in the winter, per the DMN.

How it works: Hackers install file-encrypting malware on an organization’s networks, taking its data hostage and shutting down systems until the hackers are paid.

• Many ransomware gangs are well-organized and regularly rebrand themselves to avoid detection.

Flashback: The appraisal district's site, servers and emails were shut down on Nov. 8.

• After that attack, Dallas IT staff "took immediate action" to update network firewalls and review the city’s own infrastructure, they said in a city memo.

Details: The appraisal district was targeted by ransomware gang Royal, which is also believed to be behind the most recent cyberattack.

• The group has targeted seven local governments, including Dallas', since 2022 and hit 14 educational institutions, reports Axios' Sam Sabin.
• Royal appears to include former members of Conti, a defunct Russian ransomware gang.

Threat level: Ransomware made up 68% of all cyberattacks last year, per a report from cybersecurity firm Sophos. The attacks dropped slightly in 2022 after skyrocketing in 2021.

The bottom line: Though some city services are still affected, it doesn't appear that personal data of residents, city employees or city vendors has been leaked, per city officials.