One month after ransomware attack, Dallas reports 90% of its network has been restored

More than a month after a crippling ransomware attack on May 3, administrators from Dallas, Texas say they’ve restored more than 90% of the city’s network.

“Our staff has worked tirelessly to restore and rebuild systems and return all systems to full functionality as quickly and securely as possible,” reads a statement issued last week from the city about the progress. “We continue working diligently to restore full functionality as quickly as possible and will continue to keep the community informed with relevant updates throughout this process.”

At its worst point, the cyberattack shut down the city’s municipal court system, restricted record keeping and took the library’s computers and online payment system offline. It delayed city services, caused some departments to suspend normal operations, and forced emergency dispatchers to take down calls by hand. Further disruption to typical operations occurred when city administrators paused the system to survey and repair damaged areas.

Notably, ransomware either locks administrators out of their system or threatens to expose vital information if a ransom isn’t paid. It’s typically introduced by either a spear phishing or phishing scheme that tricks users into giving up their credentials or allowing access to the system via malicious links.

Despite the disruption, city services continued to function in some capacity because of “successful planning and preparation,” the statement says. “Dallas Police Department, Dallas Fire-Rescue, 911 and 311 rose to the challenge and took quick action to implement workarounds to meet residents’ needs, answering and responding to incoming calls despite a brief interruption to our Computer Aided Dispatch (CAD) system. Backup measures immediately allowed service to continue until we brought systems back online May 6.”

Dallas Water Utilities’ payment system and meter reading software has likewise been restored, although the city library’s reservation system is still offline. Librarians continue to manually track item availability and borrowing.

“Workarounds remain in place as we build on our restoration progress with a focus on public safety and public-facing services—including Dallas Animal Services—and minimizing the impact to our community,” the statement continues. “We continue to work with our cybersecurity experts on additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset across all user accounts, expediting the implementation of additional controls, and completely rebuilding impacted systems in a new, secure environment.”

Those concerned that their personal information might have been leaked during the incident are advised to monitor their acount balances and statements, review credit reports, and consider placing a fraud alert on their credit report or accounts.

Broadly, the Dallas ransomware attack highlights a growing need for local governments throughout the United States to take their cyber defenses seriously—and invest in information technology departments accordingly. In the second half of last year, for example, recently published research from the software company CloudSEK XVigil documented a 95% increase over 2021 in the number of cyberattacks targeting government organizations globally.

“Threat actors have evolved immensely in the way they operate. Although the primary motive of most of the threat actors is exfiltrating data and selling it for monetary benefit, it is not the only reason they target government entities,” reads the report, “Unprecedented Increase in Cyber Attacks Targeting Government Entities in 2022.” “Statistics are suggestive of the fact that cyberattacks in this particular industry are no longer limited to financial gains; rather, they are now used as a means to express support or opposition for certain political, religious, or even economic events and policies.”

Given the dramatic rise in threats, the report stresses a need for governments to increase their cyber capabilities and collaborate with private sector organizations to create robust defense networks.