In an effort to address the aftermath of a devastating ransomware attack, the City of Dallas has announced the approval of an $8.5 million budget. This allocation will support the restoration of the city’s systems, which suffered significant damage in a cyberattack carried out by the notorious cybercrime gang known as Royal in May 2023.
Discovery and Action Taken
On May 3, 2023, city authorities discovered the presence of file-encrypting ransomware on multiple systems. It was quickly determined that the Royal gang was responsible for deploying this malicious software. During their surveillance period, Royal engaged in data exfiltration and preparations for ransomware delivery. Their activities resulted in an estimated data leakage of approximately 1.169 terabytes before May 3rd.
To contain the attack and mitigate further damage, the city promptly took high-priority services and specific servers offline. Restoration operations were immediately initiated to recover the impacted systems.
Data Exfiltration and Leakage
The Royal Gang’s surveillance activities allowed them to extract large amounts of sensitive data from the city’s systems. Prior to May 3, 2023, an estimated 1.169 terabytes of data were exfiltrated. This extensive data leakage posed a significant threat to the privacy and security of individuals, especially considering the compromised personal information of current and former personnel.
Impact on Personal Information
On August 7th, the Texas Attorney General’s office was notified by the City of Dallas about the attack and the subsequent compromise of personal information. The nature of the attack made it clear that the personal data of both current and former personnel was at risk. This event underscores the importance of safeguarding personal information and highlights the vulnerability that cities and organizations face in the digital age.
Budget Approval for Restoration Efforts
The Dallas City Council has taken swift action by approving an $8.5 million budget dedicated to computer-based intervention, mitigation, recovery, and restoration efforts directly related to the Royal ransomware attack. This substantial allocation reflects the urgency and seriousness of the situation.
Ongoing Removal and Remediation
As the removal and remediation efforts near completion, the city expects to provide an estimated final cost related to the attack by the end of the year. The comprehensive restoration process has required substantial resources and expertise, highlighting the magnitude of the attack on the city’s systems. Additionally, a second round of notifications will be sent to impacted individuals, potentially incurring additional costs.
Background on Royal Ransomware
The Royal ransomware group, active since September 2022 and operated by a private organization, has been a persistent threat across various sectors in the United States. Their targets have included critical infrastructure, communication systems, educational institutions, healthcare facilities, and manufacturing companies. This widespread attack highlights the need for enhanced cybersecurity measures and increased preparedness to combat such sophisticated threats.
The City of Dallas has taken significant steps to recover from the ransomware attack orchestrated by the Royal gang. With an $8.5 million budget dedicated to restoration efforts, the city is working diligently to restore its systems and mitigate the impact on individuals affected by the data breach. This incident serves as a sobering reminder of the ongoing threat posed by cybercriminals and emphasizes the importance of prioritizing cybersecurity measures to safeguard critical infrastructure and protect personal information.