Dallas is facing a concerning development in its ransomware attack, as the threat actor group Royal listed the city on its leak site nearly three weeks after the attack was discovered. This listing typically occurs when communication breaks down or the victim organization refuses to pay the ransom demand.
Royal’s claim contradicts Dallas officials’ assurance that no data was compromised, as the group threatened to release personal information, court documents, and government files. Although the city has not confirmed any communication with Royal or the ransom amount, the posting on the leak site suggests that Dallas has not paid the ransom, potentially leading to the release of sensitive information.
Experts highlight the extensive impact of this attack, as Dallas, with its population of 1.3 million, is one of the largest U.S. cities targeted by ransomware. The disruption caused by the attack has affected police operations and court proceedings, with critical evidence inaccessible, leading to the cancellation of court hearings, trials, and jury duty.
While emergency services remain available, several systems of the Dallas Police Department are still offline, and the municipal court is unable to process payments. The city maintains that data protection measures are in place, but the weeks-long outage has severely impacted various aspects of its functioning.
The delay between Dallas’ acknowledgment of the ransomware attack and its listing on Royal’s leak site suggests ongoing communication between the parties. Experts speculate that once engaged in negotiations and with a potential opportunity for financial gain, threat actors are unlikely to walk away easily.
The situation highlights the broader issue of ransomware attacks and the growing threat they pose to organizations, especially those handling sensitive data.
