The City of Dallas on Friday released a report that was expected to offer insight into the ransomware attack that crippled city services in early May.
The attack affected city websites and systems from police and fire to city courts and the library.
Friday brought the scheduled release of the city's monthly Technology Accountability Report, or TAR, for May. The report was expected to cover the time period of the attack and potentially shed more light on the extent of it. Click here to read the report in full or scroll down to see it.
The ransomware attack happened on May 3. According to the report released Friday, Dallas' IT team took additional measures as an immediate response to disconnect systems, services, and devices from the city's network to contain and prevent further spread of malicious software. The report also states the city organized and mobilized a broader incident support team to help in the management of the recovery activities.
Get DFW local news, weather forecasts and entertainment stories to your inbox. Sign up for NBC DFW newsletters.
The city is still working to get back online but in the latest update, systems are reported to be more than 90% restored.
“We continue to prioritize restoration of our city services. We appreciate the community’s support, and remain grateful to our team for their hard work throughout our response to this incident,” the city said in a statement posted on Thursday.
Click here to read a complete update by the City of Dallas posted this week.
The hacker group known as Royal took responsibility for the attack and eventually made threats to release personal data on court cases, medical records and other government documents.
At first, the city said there was no evidence of sensitive data being leaked. In Thursday’s update, the city said their teams are still investigating.
“We know there have been questions as to the impact of this incident and what, if any, sensitive data may have been affected as a result. Our teams remain hard at work to understand the facts of the situation and want to ensure that if the investigation determines that individuals’ sensitive information was involved in this incident, we will notify those individuals directly and provide resources to help protect their information in accordance with applicable law,” the city said in the statement.
NBC 5 spoke with cybersecurity expert Randy Haba with DKBInnovative in Frisco about why the report is important and what we should expect.
"I think a lot of people don't understand that these ransomware events, the intent is to gain money,” he said. "Because at the end of the day, if the city of Dallas is going to pay that ransom. Well, the residents of Dallas pay that ransom and the city has to be transparent in how their tax money was used. So, in some way, shape or form that is going to come out. It's just a matter of time. That is always divulged somewhere down the line."
Haba said out of caution, the city cannot talk too openly about what has been done to secure the systems but they might release basic information on what happened and why it happened.
“As well as, what the attack vector was, how they got into the system and then potentially what data, if any, was compromised and extracted. That will have to be a part of the report,” he said.
The report Friday described the work over the past month as 'painstaking'.
It has involved a comprehensive review of each system and device "to ensure they are free of malware, the installation and implementation of additional security components and protocols, and the rebuild, re-imaging, and restoration from back-ups of servers and devices where necessary", the report states.
According to Dr. Bhavani Thuraisingham, a cybersecurity expert with UT Dallas, the goal now is to strengthen the security of the systems and better educate staff on any weaknesses to prevent this from happening again.
She said the more employees, the more vulnerable a city or business is. Other cities in north Texas will likely look to reports like TAR to know how to keep themselves safe.
“I think they would want to attack large cities because that’s where they get maximum coverage,” she said. “It’s only going to give incentive to other groups including Royal to attack. Now will they attack Dallas again? They may not right away.”
Dr. Murat Kantarcioglu, a professor of computer science at UT Dallas, said getting back online as soon as possible is key.
"If you plan for it, of course. They said they have a plan for it, and I’m not criticizing or messing about their plan," Dr. Kantarcioglu said. "But what I’m saying is that whether your plan will take a certain amount of time…the question is, can you have a better plan which would cut this to something like 10 days? Half the time."
