The city of Dallas is recovering from a ransomware attack on its computer system on May 3 that affected some services including the Dallas Police Department website and the 911 system, although there was no effect on 911 calls and the outage has not affected police response.

The FBI defines ransomware as a type of malicious software, or malware, that prevents users from accessing their computer files, systems, or networks and demands a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.

On May 3, the city’s security monitoring tools discovered a likely ransomware attack, and staff confirmed that a number of servers had been compromised.

According to a release, the attack impacted several functional areas, including the Dallas Police Department Website. The City team, along with its vendors, began working to isolate the ransomware to prevent its spread; remove the ransomware from infected servers; and restore any services impacted.

ITS and its vendors are working around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments.

A story on TechCrunch has a copy of a "ransom note" that reportedly showed up on city of Dallas printers, in which a group called Royal claimed responsibility, with a lecture that "most likely you decided to save some money on security. Alas your critical data was copied and can be published online."

What kind of ransomware gangsters use the word "alas"?

The same group perpetrated an attack on the Dallas Central Appraisal District website in late 2022. DCAD paid $170,000 to get back online. According to bitdefender, that attack was likely the result of an employee who got tricked by a phishing email.

Meanwhile, the city of Dallas offers this update as of May 4:

• DPD and Dallas Fire & Rescue service to residents is unaffected.
• 911 calls continue to be received and dispatched.
• 311 Calls are being answered but non-emergency service requests may be delayed.
• Courts are closed and LiveChat is inaccessible. All cases will be reset; jurors do not need to report for service and notices will be sent by mail.
• Saturday’s election is unaffected; Dallas County will share official information including results.
• Meeting notices are being posted and meetings may be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, and Spectrum channels 16 & 95 and AT&T U-verse at 99. Contracts may be delayed.
• Dallas Public Library All branches are open and in-person checkouts continue; online materials are currently unavailable.
• DWU Billing is unaffected; meter reading will be delayed. Only IVR can take credit card payments. Disconnections will be discontinued until the outage is resolved.

In a statement, city manager T.C. Broadnax said he's optimistic the risk has been contained.

"Since City of Dallas’ Information and Technology Services detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents," Broadnax said. "While the source of the outage is still under investigation, I am optimistic that the risk is contained. For those departments affected, emergency plans prepared and practiced in advance are paying off. We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed. For updates, please keep an eye on dallascitynews.net."