Connect with us

Hi, what are you looking for?



City of Dallas Details Ransomware Attack Impact, Costs 

City of Dallas has approved an $8.5 million budget to restore systems following a Royal ransomware attack in May 2023.

The City of Dallas has announced that an $8.5 million budget has been approved to support the restoration of its systems following a May 2023 ransomware attack.

The incident, the city says in a report detailing the attack, was identified on May 3, when the cybercrime gang named Royal started deploying file-encrypting ransomware on multiple systems.

However, the investigation launched into the matter has revealed that the attackers had access to the city’s network for roughly a month before that.

“During this time, Royal performed data exfiltration and ransomware delivery preparation activities. The data exfiltration activities performed during the surveillance period resulted in data leakages totaling an estimated 1.169 TB at a time prior to May 03, 2023,” Dallas said.

During the same period, the cybergang deployed various tools on the city’s network, in preparation for the ransomware deployment, which was executed with focus on specific servers.

Immediately after identifying the attack, the city took high-priority services and certain servers offline, and started restoration operations, but not before ensuring that the Royal ransomware was eliminated from the network.

Dallas informed the Texas Attorney General’s office of the attack on August 7, revealing that the personal information of current and former personnel was compromised, including names, addresses, health and health insurance information, social security details, and other information.

“To date, The Dallas City Council has approved a budget of $8.5 million in computer-based interdiction, mitigation, recovery, and restoration efforts directly tied to the Royal ransomware attack. This sum includes external cybersecurity professional services, identity theft and fraud protection services, and providers offering breach notification services to business partners and individuals that experienced data exposure due to the attack,” the city announced.

Advertisement. Scroll to continue reading.

While the removal and remediation efforts are almost completed, the estimated final cost related to the attack will be provided by the end of the year, the city said, adding that a second round of notifications will be sent to the impacted individuals, likely incurring additional costs as well.

“City leadership is managing costs across both internal and external resources to ensure that Royal is removed from city computer and network resources. Presently, cost estimates are aligning with the initial budget approval from the Dallas City Council. The final cost analysis has not been completed at this time,” the city added.

Active since September 2022 and operated by a private group, the Royal ransomware has been used in attacks targeting various US sectors, including critical infrastructure, communication, education, healthcare, and manufacturing.

Related: Organizations Warned of Royal Ransomware Attacks

Related: Researchers Link Royal Ransomware to Conti Group

Related: Healthcare Organizations Warned of Royal Ransomware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.