City of Dallas identifies group responsible for network outage, ransomware attack

Dallas officials gave an update Thursday after announcing that city servers were under a cyberattack Wednesday, affecting several city services.

“Vendors continue to work around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments,” the city said in the update.

A ransomware group called “Royal” initiated the attack, according to city officials.

Bill Zielinski, the chief information officer for Dallas, will give a briefing on the attack on Monday, May 8.

As of 10 a.m. Thursday, the city provided the following updates on services:

• Dallas Police Department and Dallas Fire -Rescue service to residents is unaffected.

• 911 calls continue to be received and dispatched.

• 311 calls are being answered, but non-emergency service requests may be delayed.

• Courts are closed and LiveChat is inaccessible. All cases will be reset; jurors do not need to report for service and notices will be sent by mail.

• Saturday’s election is unaffected. Dallas County will share official information including results. Meeting notices are being posted and meetings may be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, Spectrum channels 16 & 95, and AT&T U-verse at channel 99. Contracts may be delayed.

• All branches of the Dallas Public Library are open and in-person checkouts continue. Online materials are currently unavailable.

• Billing for Dallas Water Utilities is unaffected, but meter reading will be delayed. Only the department’s interactive voice response system can take credit card payments. Disconnections will be discontinued until the outage is resolved.

On Wednesday morning, the City of Dallas’ security monitoring tools notified the Security Operations Center that a likely ransomware attack had been launched on their servers.

The city confirmed later Wednesday that a number of servers have been compromised with ransomware, impacting “several functional areas,” including the Dallas Police Department website, the city said in a news release.

“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted,” Dallas officials said in the release.

The mayor and City Council were notified of the attack in accordance with the city’s incident response plan.

The city is working to assess the complete impact, but “at this time, the impact on the delivery of City services to its residents is limited,” Dallas officials said in the Wednesday release.

If residents are experiencing any issues with a particular city service, they are asked to contact 311. For emergencies, they should contact 911.

The outage does not appear to be affecting 911 calls, according to a report from the Dallas-Morning News. But the computer-assisted dispatch system was down, and dispatchers were using a backup radio system to communicate with officers.

“Since City of Dallas’ Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents. While the source of the outage is still under investigation, I am optimistic that the risk is contained,” said Dallas City Manager T. C. Broadnax in Thursday’s update. “For those departments affected, emergency plans prepared and practiced in advance are paying off. We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed. For updates, please keep an eye on dallascitynews.net.”