featured 315411

Dallas Cyberattack: Swift Response Hailed, Websites Still Offline

The City of Dallas faces a significant cyberattack, leading to service disruptions and an ongoing recovery effort.

Editor’s Note: This comprehensive report synthesizes updates regarding the City of Dallas ransomware attack, initially reported on Wednesday, May 3, with subsequent official statements issued on Thursday, May 4, and Friday, May 5.

Dallas Battles Ransomware: City Services Navigated Through Cyber Crisis

The City of Dallas found itself under siege in early May, grappling with a sophisticated ransomware attack initiated by a group identified as “Royal.” The cyberattack, which began on Wednesday, May 3, swiftly disrupted various city webpages and critical digital services, posing an unprecedented challenge to municipal operations and resident access to essential facilities. This extensive report consolidates the timeline of events, the multi-faceted impact on Dallas’s services, the city’s robust response, and the ongoing efforts to restore full functionality while safeguarding public trust and data.

The Royal Ransomware Attack: A Chronology of the Cyber Incident

The ransomware incident unfolded rapidly, triggering an immediate and coordinated response from Dallas city officials and cybersecurity experts. Understanding the progression of the attack and the city’s evolving reaction provides crucial insight into the gravity of the situation and the resilience demonstrated by public service personnel.

Initial Compromise and Detection: Wednesday, May 3

The alarm was raised early Wednesday morning when the City of Dallas’s security monitoring tools detected unusual activity, signaling a likely ransomware attack within its network environment. Officials quickly confirmed that several servers had been compromised, leading to the disruption of various functional areas, including the Dallas Police Department’s website. The attack immediately forced the cancellation of City Council briefings, which rely on digital streaming services, highlighting the broad reach of the compromise. The incident served as a stark reminder of a similar network outage just weeks prior, though that event was resolved without confirmation of a ransomware link.

In response, the city’s Information and Technology Services (ITS) department, alongside expert cybersecurity vendors, initiated a rapid containment strategy. The primary goal was to isolate the ransomware to prevent further spread, remove it from infected servers, and begin the complex process of restoring affected services. Despite the digital chaos, city officials emphasized that the impact on essential services for residents was initially limited. Residents were advised to contact 311 for non-emergency issues and 911 for emergencies, both of which remained operational.

City of Dallas's Information and Technology Services team and expert cybersecurity vendors worked tirelessly to contain the ransomware attack.

Councilwoman Cara Mendelsohn, Chair of the Government Performance and Financial Management Committee, along with Councilwoman Gay Willis and Councilmember Ridley, were briefed on the attack. Mendelsohn commended the newly-implemented systems for helping identify and contain the incident, noting that established emergency plans were effectively put into action. She stressed the importance of continuous investment in the IT department to secure resident data and essential city records.

Critical Service Maintenance and Early Recovery: Thursday, May 4

By Thursday, the City of Dallas had confirmed the perpetrators to be “a group called Royal.” While webpages remained largely inaccessible, significant progress was reported in isolating the issue and beginning the gradual restoration of services. Priority was given to public safety and resident-facing departments, ensuring minimal disruption to critical functions.

City Manager T.C. Broadnax issued a statement reassuring residents about the city's response to the cyberattack.
T.C. Broadnax

City Manager T.C. Broadnax issued a statement, reassuring residents: “Since City of Dallas’ Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents. While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off.” His message underscored the city’s preparedness and dedication to mitigating the impact on its citizens.

Updates from individual departments highlighted persistent challenges but also successful workarounds. Dallas Water Utilities (DWU) was unable to process payments, leading to a temporary halt in disconnections. Vital Statistics faced limited capacity, especially for older records. Courts remained closed, with all cases to be reset and jury service suspended. The City Secretary’s Office noted that Saturday’s election was unaffected, with Dallas County managing official information, and city meetings remained viewable via alternative channels like Webex and Spectrum.

Ongoing Restoration Efforts and Public Guidance: Friday, May 5

By Friday afternoon, the City of Dallas continued to provide updates, emphasizing the tireless efforts of ITS and its cybersecurity vendors. Significant progress had been made in isolating the virus and progressively restoring services, with public safety and direct resident services remaining top priorities. While the recovery process was acknowledged as ongoing, the city maintained that essential services were largely preserved due to proactive security preparations and swift incident response.

The City of Dallas is working tirelessly to restore all services and ensure public safety following the ransomware attack.

A key concern for residents following such an attack is the security of their personal data. The City of Dallas affirmed its commitment to monitoring for any potential data leaks, stating, “For years the City has monitored to ensure that residents’ and vendors’ information is not leaked. If it were, we would advise the public immediately. At this point, we do not believe that’s the case.” This reassurance was critical in maintaining public confidence amidst the disruption.

Furthermore, the city issued vital cybersecurity advice, warning residents against potential phishing attempts. They explicitly stated, “no one from the City of Dallas will reach out to members of the public to ask for payment in person or by phone. Never give out your password or payment information by phone or through an email link.” Residents were encouraged to install the Dallas Secure app for enhanced protection.

Dallas City Hall announced a possible ransomware attack, causing network outages and service disruptions.

Comprehensive Impact on City of Dallas Services

The ransomware attack by the Royal group had a varied impact across Dallas’s municipal departments. While critical emergency services demonstrated remarkable resilience, many administrative and non-emergency functions experienced delays or temporary shutdowns, necessitating alternative solutions for residents.

Emergency and Public Safety Services: Unwavering Commitment

Throughout the incident, the city’s most vital public safety functions remained operational, a testament to robust emergency protocols and the dedication of first responders.

  • 911 and 311 Calls: Emergency 911 and non-emergency 311 calls continued to be answered and dispatched without interruption. While the online 311 portal and OurDallas app were temporarily unavailable, residents could still submit service requests by phone or in person.
  • Dallas Police Department (DPD) and Dallas Fire-Rescue (DFR): Both departments maintained normal service levels, with timely dispatch via radio ensuring continuous public safety response.

Essential Municipal Operations: Navigating Disruptions

For other city services, the impact ranged from minor delays to complete unavailability of online systems, requiring residents to adapt to new procedures.

  • 311 Services: While phone lines for non-emergency requests remained active, the OurDallas app and online service portal were inaccessible. Residents with non-emergency needs were advised to call 311 or visit City facilities during regular business hours for in-person assistance.
  • Dallas Water Utilities (DWU): Water service itself was unaffected, and critical disconnections were suspended until the outage was resolved. Online payments were temporarily unavailable, but residents could pay by mail or in person. Importantly, late fees for payments that could not be processed due to the outage were waived. DWU autopay was scheduled to resume once service was restored. For questions, residents could call (214) 651-1441 or visit the water lobby at City Hall.
  • Sanitation: Waste collection schedules remained on track, and disposal sites operated normally. Residents experiencing missed service were instructed to call 311.
  • Office of Community Care (WIC & Vital Statistics): Clinics for Women, Infants, and Children (WIC) continued to operate and provide benefits as usual. Vital Statistics was issuing records, though residents were advised to call 214-670-3092 beforehand to confirm availability, especially for records prior to 2005, which experienced limited capacity.
  • Dallas Public Library: All library branches remained open and fully operational for in-person checkouts. Digital media via Hoopla and Overdrive was also available. However, online materials were temporarily inaccessible, and internet-connected computers might have been limited, prompting users to call ahead. Late fees for materials due during the outage were suspended.
  • Dallas Animal Services: This department continued to handle adoptions, fosters, rescues, and returns to owners on a case-by-case basis, with in-person services available at 1818 N. Westmoreland Road during regular business hours. Emergency and injury requests were prioritized, with non-emergency responses potentially delayed.
  • Code Compliance: Response to service requests was subject to delays. The department was unable to process Single-Family and Multi-Tenant registrations. Garage sale permits could only be issued in-person at their headquarters located at 3112 Canton Street.
  • Development Services: This department could review paper plans for walk-ins at 320 E. Jefferson Blvd., but crucial Permitting, Public Works, and Zoning application and payment systems were offline. Consequently, new submissions could not be received or approved, and permits could not be issued, causing significant delays for construction and development projects.
  • Municipal Court: The Municipal Court remained closed, with all court hearings and trials canceled. Cases scheduled during the outage were to be reset, and updates would be mailed to affected individuals. Citation payments and documents due during the closure would be accepted once services were restored. Jurors were advised not to report for service.
  • Office of Special Events: While city webpages were undergoing restoration, specific direct links were provided for submitting special event permit requests:
    • Special Event, Commercial Promoter, and Fair Park Parking License Application
    • Street Pole Banner Application
    • Commercial Filming
    • Neighborhood Market
  • City Secretary’s Office (CSO): Open Records Requests experienced delays. City meeting notices were posted, and meetings could be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, and on Spectrum channels 16 & 95 and AT&T U-verse at 99. Contract processing was also subject to delays.

The City’s Proactive Response and Cybersecurity Measures

The City of Dallas’s response to the Royal ransomware attack demonstrated a blend of immediate incident management and reliance on previously established cybersecurity frameworks. The Information and Technology Services (ITS) department, in collaboration with expert cybersecurity vendors, has been the linchpin in mitigating the attack’s effects and leading the recovery.

City officials credited the swift identification and containment of the attack to “newly-implemented systems” and proactive emergency plans, which were designed and practiced in advance for such critical incidents. This strategic investment in cybersecurity infrastructure, including the “Technology Accountability Report” instituted by the Government Performance and Financial Management Committee, proved invaluable in understanding and governing IT needs. The presence of on-site vendors further expedited the efforts to restore functionality and secure city networks.

Throughout the crisis, transparency and public communication were key, with regular updates shared via DallasCityNews.net. Chief Information Officer William “Bill” Zielinski was scheduled to brief the Public Safety Committee, underscoring the serious attention the incident commanded at the highest levels of city governance.

The City of Dallas’ preparation for security threats and early response to network outages caused by a cyberattack May 3 have maintained essential City services for residents throughout the week.

Since Wednesday morning, when a group called Royal initiated an illegal attack targeting the City, Dallas’ Information and Technology Services (ITS) department and ITS’ expert cybersecurity vendors have effectively worked nonstop to swiftly isolate a virus and gradually restore service, prioritizing public safety and resident-facing departments. Much progress has been made, but the recovery process is ongoing.

Thanks to heroic teamwork by our first responders, key public safety functions continue as usual despite technical difficulties. 911 and 311 calls are being answered and Dallas Police Department and Dallas Fire-Rescue are being timely dispatched by radio.

For residents with non-emergency needs, 311 is still taking service requests by phone but the OurDallas app and online portal are temporarily unavailable. Another option is service in person at City facilities during regular business hours.

Sanitation collection remains on schedule and disposal sites are operational during regular business hours. If service is missed, please call 311.

Dallas Water Utilities service is unaffected, and disconnections are discontinued until the outage is resolved. Statements may be paid by mail; however, for those who prefer to pay in-person or online, late fees will not be charged for payments that cannot be processed until service is restored. DWU autopay will draft when service is restored. If you have questions or need assistance, please call (214) 651-1441 or walk into the water lobby at City Hall Monday through Friday between 8 a.m. to 5 p.m.

Office of Community Care clinics for Women, Infants and Children (WIC) are open and providing benefits. Vital Statistics is issuing records, but to ensure any records sought are available before you arrive, please call 214-670-3092.

Dallas Public Library branches are open, operational, and can check out media to residents with a library card; however, residents with media due to be returned are asked to hang on to it a little longer. There will be no late fees charged for materials due during the service outage. Digital media is also available via Hoopla and Overdrive. Internet-connected computers may be limited, so users in need of online device access should call ahead to their respective branch.

Dallas Animal Services continues handling adoptions, fosters, rescues, and returns to owners in-person on a case-by-case basis at 1818 N. Westmoreland Road, 75212.

Code Compliance is issuing garage sale permits only in-person at their headquarters at 3112 Canton Street, 75226.

While pages on the City’s website are being restored, Special Events permit requests may be submitted through the following direct links:

  • Special Event, Commercial Promoter, and Fair Park Parking License Application
  • Street Pole Banner Application
  • Commercial Filming
  • Neighborhood Market

Development Services can review paper plans for walk-ins at 320 E. Jefferson Blvd., 75203 during regular business hours. However, while Permitting, Public Works, and Zoning application and payment systems are offline, submissions cannot be received or approved. This is a dynamic situation, and patience is appreciated while we focus on expediting full-service restoration.

Municipal Court remains closed Monday, May 8. There will be no court hearings and no trials. Cases scheduled during this outage will be reset, and updates will be mailed. Citation payments and documents due while Municipal Court is closed will be accepted after service is restored. Please note, no one from the City of Dallas will reach out to members of the public to ask for payment in person or by phone. Never give out your password or payment information by phone or through an email link. To protect against cyber threats please install the Dallas Secure app on your iOS or Android device. If you are contacted by someone seeking payment who claims to be from a City of Dallas department, please take note of the number they are calling from and the number they reached you on, then hang up and call the City of Dallas department they claim to be from to report this potential impersonation.

For years the City has monitored to ensure that residents’ and vendors’ information is not leaked. If it were, we would advise the public immediately. At this point, we do not believe that’s the case. Please pardon the inconvenience, thank you again, and stay safe!

City of Dallas public statement, May 5

Protecting Residents: Cybersecurity Awareness and Future Outlook

The Dallas ransomware attack underscores the persistent and evolving threat of cybercrime targeting public institutions. For residents, it serves as a critical reminder of the importance of personal cybersecurity vigilance, especially during periods of disruption to online government services.

Lessons from Previous Attacks: Dallas Central Appraisal District

The City of Dallas’s experience is not isolated. Just months prior, the Dallas Central Appraisal District was paralyzed for months by a massive ransomware attack, eventually confirming a payment of $170,000 to hackers. Such incidents highlight the vulnerability of even well-resourced public entities and the severe consequences for citizens who rely on these services. The city’s swift response and ability to maintain critical functions, in contrast to the prolonged disruption experienced by the Appraisal District, suggests the value of their recent investments in cybersecurity and emergency preparedness.

Staying Secure: Advice for Dallas Residents

In the wake of the cyberattack, the City of Dallas provided crucial advice to protect residents from potential secondary threats such as impersonation attempts:

  • Beware of Scams: Citizens were explicitly warned that no city official would contact them directly via phone or email to demand payment or sensitive personal information.
  • Verify Communications: If contacted by someone claiming to be from a city department and requesting payment, residents should note the caller’s number and the number they were reached on, then immediately hang up. They should then independently call the legitimate city department to report the potential impersonation.
  • Install the Dallas Secure App: To enhance personal device security, the city recommended installing the Dallas Secure app, available for iOS and Android devices.

Continued Vigilance and Recovery

The Royal ransomware attack on the City of Dallas serves as a powerful reminder of the relentless nature of cyber threats in the modern digital landscape. While the immediate crisis management demonstrated the city’s preparedness and the dedication of its staff, the incident also underscores the imperative for continuous investment in cybersecurity infrastructure, ongoing training for personnel, and clear communication strategies for the public.

As the recovery process continues, the City of Dallas remains committed to fully restoring all affected services and strengthening its digital defenses to protect against future attacks. The collaboration between city departments, external cybersecurity experts, and vigilant residents will be crucial in ensuring the long-term resilience of Dallas’s essential public services in an increasingly complex cyber environment. The community’s patience and understanding during this dynamic situation continue to be invaluable as the city works tirelessly to return to full operational capacity.