Ransomware attack forces Dallas to shut down courts, disrupts some 911 services

The City of Dallas in Texas has confirmed a ransomware attack has downed key services, including 911 dispatch systems. 

City officials confirmed on Wednesday that a number of the city’s servers had “been compromised with ransomware,” causing widespread service outages. The Dallas Police Department (DPD) website is currently offline. The City of Dallas website displays a message stating that “the City is experiencing a service outage and is working to restore services,” and the city wrote on a page that contains updates about the incident that all courts were closed on Wednesday and would be closed again on Thursday.

DPD spokesperson Melinda Gutierrez confirmed to TechCrunch that the outage has also impacted Computer Aided Dispatch, or “CAD” systems, which are used by dispatchers and 911 operators to prioritize and record incident calls. Local media reported that this has forced 911 call takers to manually write down instructions for responding officers. 

“There is no effect to 911 calls at this time, and they continue to be dispatched for service,” Gutierrez added. “The outage is not affecting police response.”

Printers on the City of Dallas network reportedly began printing out ransom notes on Wednesday morning. As per a copy the note, the Royal ransomware gang has claimed responsibility for the attack, and a URL included on the note directed to a contact form on Royal’s dark web victims site. The note said critical data was encrypted, and threatened to publish it online if a ransom demand is not met.

The City of Dallas has not yet been listed on Royal’s dark web leak site and it’s not yet known what types of data has been stolen. City officials have not responded to TechCrunch’s questions. 

The Royal ransomware gang first emerged in early 2022, and was recently the subject of a joint advisory released by CISA and the FBI. The U.S. government agencies warned that the group ​​has targeted multiple victims both in the U.S. and internationally, including manufacturing, communications, education and healthcare organizations.

The advisory said that after gaining access to victims’ networks, typically via callback phishing, whereby hackers send emails claiming that the victim has or will be charged for a service and asks them to call a listed phone number for clarification, Royal hackers “disable antivirus software and exfiltrate large amounts of data” before deploying the ransomware and encrypting systems. Subsequent ransom demands made by the group vary from $1 million to $11 million. The City of Dallas has yet to confirm whether the hackers have made any financial demands. 

TechCrunch contacted CISA and the FBI regarding the City of Dallas ransomware incident but has not yet received a response. According to ransomware expert Brett Callow, there have been 29 reported cyberattacks targeting local governments in the U.S. this year alone.

The full impact of the attack remains unknown. In a statement, the city said it was “actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. The City is currently working to assess the complete impact, but at this time, the impact on the delivery of City services to its residents is limited.”


Do you have more information about the City of Dallas ransomware attack? You can contact Carly Page securely on Signal at +441536 853968, or by email. You can also contact TechCrunch via SecureDrop.