May 4, 2023- Dallas Texas has confirmed Wednesday to have been struck by a ransomware attack which caused several IT based services to shut down.
The Dallas Police Department was also affected by this attack which led to 911 dispatchers having to write down received reports for officers rather than submit them via the computer-assisted dispatch system. The Dallas County Police Department’s website was also offline for part of the day due to the incident but has since been restored.\
During the attack several network printers on the City of Dallas’ network began printing out ransom notes this morning, with the IT department warning employees to retain any printed notes.
The perpetrator of the attack is believed to be a cybercrime syndicate by the name of Royal Ransomware. The Royal Ransomware is believed to have risen to power after the Conti cybercrime syndicate shut down its operation.
When launched in January 2022, Royal utilized other ransomware operations’ encryptors, such as ALPHV/BlackCat, to avoid standing out. However, they later started using their own encryptor, Zeon, in attacks for the rest of the year.
Towards the end of 2022, the operation rebranded into Royal and quickly became one of the most active enterprise-targeting ransomware gangs.
Like other ransomware gangs, Royal is known to steal data from networks before encrypting devices. This stolen data is then used as further leverage in extortion demands, with the threat actors warning that they will publicly leak data if a ransom is not paid.
At this time, it is unknown if any data was stolen from the City of Dallas during the attack.