Dallas ransomware attack shuts down systems, forces public safety to use backup communication protocols
For the last week, information technology administrators in Dallas have been working around the clock to mitigate the impact of a widespread ransomware attack that disrupted business, caused first responders to implement backup communication protocols, and took public-facing digital infrastructure offline.
Since the early morning hours of last Wednesday, when ransomware was discovered in the system, Bill Zielinski, chief technology at the city, said officials have been exploring “all options to mitigate this incident.” Ransomware either locks administrators out of the system or threatens to expose vital information if a ransom isn’t paid. It’s typically introduced to a system by either a spear phishing or phishing scheme that tricks users into giving up their credentials or allowing access to the system via malicious links.
An update from Dallas about the ransomware attack posted on the city’s news website, dallascitynews.net, did not say whether a ransom would be paid, citing an ongoing investigation. In the short term, the cyberattack shut down municipal courts, library computers and online payments, and restricted record keeping, among other things. It delayed services, caused some departments to suspend normal operations, and forced emergency dispatchers to take down information by hand and share it via radio. Some of the disruption came when city administrators halted services to mitigate the damage.
“The first step is responding to the threat itself. That’s why we took the proactive steps to take systems and services offline. It prevents the implementation (spread) of malware in those systems,” Zielinski said, presenting the latest publicly available information on the ransomware cyber breach to city officials at the Dallas Public Safety Committee’s meeting on Monday.
Identifying the source of the ransomware attack and how the malware was introduced to the system is the next phase. “The third step is to scour the environment to find every infected device,” he said. The only way to make sure the virus is completely expunged is either to completely clean every device, or bring in replacements.
To read the complete article, visit American City & County.