City of Dallas impacted by ransomware attack, police computer dispatch system down
DALLAS - The city of Dallas working to recover from a ransomware attack that has infected its servers, limiting the delivery of city services, including the police department.
FOX 4 learned about the breach through a tip and the city is continuing to be very tight-lipped, not making anyone available for interviews regarding the scope an impact of the attack.
The city released a statement on Wednesday afternoon confirming that a number of servers have been compromised with ransomware, impacting "several functional areas."
The ransomware attack kept city websites like Dallas police and water utilities offline all day.
While the attack impacted less than 200 devices, essential operations, like 911, remained working.
"All the attacker has to do is find one loophole, whereas we've got to be 100% that there's no such thing as 100% security yet," said Bhavani Thuraisingham, professor of computer science at UTD and director of the Cybersecurity Research Institute at UTD.
We have learned the attack's biggest impact is likely at the Dallas Police Department.
The department had reverted to its backup system, radio, to dispatch officers in response to 911 calls instead of its computer assisted dispatch system.
DPD says there is no issue or delay with 911 calls coming in or being dispatched.
The DPD and Dallas Fire Rescue websites were both down, but the city says service to residents is unaffected.
The city's municipal court system is also down. All jury trials were canceled on Wednesday and will be canceled on Thursday as well.
Those who tried to go to the city of Dallas website were shown an error message.
Online payment processing may be delayed by Dallas Water Utilities, but the city says they will not turn off anyone's water until the outage is resolved.
"Once the hacker gets into one machine, and if that machine is connected to a network, the entire network would crash, would be affected. And so we have to practice proper cyber hygiene," Thurasingham.
PREVIOUS COVERAGE: Ransomware attack takes down computers in Mansfield ISD
The city says security monitoring tools first spotted the attack on Wednesday morning.
Parts of the city's library site are also down. FOX 4 called the Dallas library staff, who told us services like getting a new library card were unavailable Wednesday because its system was down.
They also had to manually write down readers information if they checked out a book.
A message from the city's Chief Financial Officer, Jack Ireland, obtained by FOX 4 explains the situation:
"Early this morning, the City's security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment. Subsequently, we have confirmed that a number of servers have been compromised with ransomware, impacting several functional areas. The team is actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. Pursuant to the City's Incident Response Plan (IRP), the purpose of this message is to provide notification of an established security incident. We will provide further information about the remediation efforts and potential impacts to City services when available."
Ransomware is a widespread problem in which criminals gain access to computer servers, lock them out and demand payment in exchange for access.
While the Dallas city manager is not making any public statements about this ransomware attack, city's Government Performance and Financial Management Committee Chair Cara Mendelsohn and Vice Chair Gay Donnell Willis told us in a joint statement:
"Our vendors are on-site to assist IT management and staff in restoring functionality as soon as possible. We are encouraged the attack was limited due to newly implemented tools, but seems to have focused on public safety and servers that have impacted 311 primarily. Continued investment and updates to our IT department are needed to continue securing City of Dallas resident data and essential city records."
A spokeswoman for the Dallas Police Department told FOX 4 the FBI Task Force is investigating the attack.
As for how something like this can be prevented in the future Thurasingham said it’s about making sure all employees keep up what she calls good cyber hygiene and not being susceptible to phishing attempts.
Thurasingham compared taking cyber precautions to the pandemic.
"You have to wear a mask and all the things everything that we went through with all those horrible, you know, year or two that we had to go through," she explained. "And so, it's like that every day for us with cybersecurity. You know, think of it like a pandemic every day."
Dallas asks any resident with issues with a city service to contact 311 and for emergencies should call 911.
Experts tell FOX 4 at least 29 US local governments have been impacted by ransomware this year, and at least 16 of those had data stolen.