Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

City of Dallas Details Ransomware Attack Impact, Costs 

City of Dallas has approved an $8.5 million budget to restore systems following a Royal ransomware attack in May 2023.

The City of Dallas has announced that an $8.5 million budget has been approved to support the restoration of its systems following a May 2023 ransomware attack.

The incident, the city says in a report detailing the attack, was identified on May 3, when the cybercrime gang named Royal started deploying file-encrypting ransomware on multiple systems.

However, the investigation launched into the matter has revealed that the attackers had access to the city’s network for roughly a month before that.

“During this time, Royal performed data exfiltration and ransomware delivery preparation activities. The data exfiltration activities performed during the surveillance period resulted in data leakages totaling an estimated 1.169 TB at a time prior to May 03, 2023,” Dallas said.

During the same period, the cybergang deployed various tools on the city’s network, in preparation for the ransomware deployment, which was executed with focus on specific servers.

Immediately after identifying the attack, the city took high-priority services and certain servers offline, and started restoration operations, but not before ensuring that the Royal ransomware was eliminated from the network.

Dallas informed the Texas Attorney General’s office of the attack on August 7, revealing that the personal information of current and former personnel was compromised, including names, addresses, health and health insurance information, social security details, and other information.

“To date, The Dallas City Council has approved a budget of $8.5 million in computer-based interdiction, mitigation, recovery, and restoration efforts directly tied to the Royal ransomware attack. This sum includes external cybersecurity professional services, identity theft and fraud protection services, and providers offering breach notification services to business partners and individuals that experienced data exposure due to the attack,” the city announced.

Advertisement. Scroll to continue reading.

While the removal and remediation efforts are almost completed, the estimated final cost related to the attack will be provided by the end of the year, the city said, adding that a second round of notifications will be sent to the impacted individuals, likely incurring additional costs as well.

“City leadership is managing costs across both internal and external resources to ensure that Royal is removed from city computer and network resources. Presently, cost estimates are aligning with the initial budget approval from the Dallas City Council. The final cost analysis has not been completed at this time,” the city added.

Active since September 2022 and operated by a private group, the Royal ransomware has been used in attacks targeting various US sectors, including critical infrastructure, communication, education, healthcare, and manufacturing.

Related: Organizations Warned of Royal Ransomware Attacks

Related: Researchers Link Royal Ransomware to Conti Group

Related: Healthcare Organizations Warned of Royal Ransomware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.