Dallas city officials have announced that critical services have been restored following last week’s ransomware attack that caused widespread outages. The city’s websites and the police department are back online, but the municipal court system remains offline, with court hearings and trials suspended since Wednesday. Dallas officials blamed the attack on Royal, although the city did not reveal whether the ransomware group made a ransom demand.
Dallas officials are exploring all options to remediate the incident, and the city is working with CrowdStrike on incident recovery and response, with assistance from state and federal authorities.
Dallas’s IT department is reviewing all 1,900 mobile devices in police and fire vehicles and is almost done reconnecting devices to the network. A complete resumption of computer-assisted dispatch will be achieved early this week, according to the city.
The city declined to share an assessment of the financial impact from the attack while the investigation is ongoing and did not provide a timeline for a full recovery of all city services.
The Royal ransomware group, which Dallas officials blame for the attack, mostly targets US organizations. The group comprises former members of the Conti ransomware group and was first observed in September 2022. The group has claimed responsibility for 157 organizations to date on its leak site and uses multiple types of extortion to pressure victims to pay the ransom demand.
Royal has made ransom demands up to $25 million, and nearly two in three organizations victimized by the group are based in the US, according to researchers from Palo Alto Networks’ Unit 42.
