Threat of Confidential Data Release in Dallas Ransomware Attack

City of Dallas denies information has leaked to attackers

NBC Universal, Inc.

A threat was posted Friday on a website related to the Royal Ransomware Group threatening to release data the group claims to have accessed from the City of Dallas.

The ransomware attack on Dallas government was first revealed on May 3, and city officials have said ever since that no data has leaked.

The new post mentions the city’s claim and responds saying tons of personal information, including court cases, medical information and thousands of government documents will be posted on blogs.

City officials have confirmed that key portions of Dallas government remain harmed by the attack, which caused them to shut down many systems to avoid spreading damage.

Dallas Police Chief Eddie Garcia said this week that his access to the crime data used for mapping strategy has been compromised. He said a backlog of reports remains to be filed.

The Dallas County District Attorney released a statement saying some police evidence for court cases has not been available for pending trials.

The City of Dallas Municipal Court, where traffic and code citations are handled, remained closed.

Public computers were not available in Dallas libraries and returned books could not be properly checked in.

Cyber Threat Expert Sam Rubin, a Vice President with Palo Alto Networks Unit 42, who is not involved with the Dallas investigation, said threat actors do access data in more than 70% of attacks.

“They're not only locking up files but they're taking information as well. And it's really all about upping that level of pressure so they can extract payment. It's a form of extortion,” Rubin said.

Former Federal Prosecutor Matt Yarbrough, who handles cybersecurity and data privacy cases with the law firm Michelman and Robinson, said the threat posted Friday is a new level in the Dallas case.

“It's a major escalation from the standpoint they're going to release these critical systems not only about employees but active and ongoing criminal investigations and prosecutions. And the fact that it hurts or is hurting cases at trial right now is a major factor,” Yarbrough said.

The city of Dallas issued a statement Friday renewing the claim that no data has leaked.

“We continue to monitor the situation and maintain there is no evidence or indication that data has been compromised. Measures to protect data are in place,” the statement said.

There is no information on whether the city has paid any ransom.

It could be that Friday’s threat is just a bluff and the threat actors have no data.

Rubin said delays in returning city functions to normal may simply reflect the enormous task of reimaging every individual city computer to ensure none is infected.

“There’s a multi-stage process that they’re going through in that recovery,” Rubin said.

Some city websites are operating again. Police and Fire computer dispatch was working, officials said.

The test will be if confidential information does begin to roll out.
