City Of Dallas Pwned By Ransomware

Yesterday, the city of Dallas announced that a number of its servers have been compromised with ransomware, impacting several functional areas. The Dallas Police Department website has been taken offline, and 911 dispatchers are having to write down calls for officers rather than using the computer dispatch system.

CBS News Texas obtained an image of the ransomware note. The hackers, a group called Royal, claim that they encrypted the city’s critical data, and threaten to post sensitive information online.

Officials are working to contain the spread to other city computer systems and, while there were reports of other governmental computer outages, there seems to be limited impact on city operations affecting residents.

As large American cities such as Dallas, Baltimore, Oakland and Washington DC, to name a few, continue to experience impactful outages, a larger concern comes into focus: the caliber of cybersecurity these municipalities have in place.

“We commonly find [state and local governments’] security posture to be weaker than that of the average corporate company. This is not due to a lack of concern, but rather a lack of resources and manpower to address the ever-growing challenges of cybersecurity,” Quentin Rhoads-Herrera, a Dallas-based cybersecurity executive, told CNN.

I have three comments on this. Starting with Kevin Hanes, CEO, Cybrary:

   “Sounds familiar (ATL). For all the folks who are responding and trying to figure out the what, how, why, and now what?…as terrible as it is this will pass and you can come out of it stronger. It’s challenging but you have to stay positive and take care of one another as stress and no sleep will take its toll on everyone.”

Stephen Gates, Principal Security SME, follows up with this:

   “Most successful ransomware attacks are primarily due to hidden vulnerabilities that have laid dormant within the inner bowels of a network for some time. This endemic problem plaguing American cities (and elsewhere) will never be resolved until organizations accept the fact that yes, they are completely vulnerable to ransomware attacks. The problem, however, is that they often have no idea where those vulnerabilities lie.

   “It is imperative to get ahead of the game and find the vulnerabilities yourself by attacking your internal network the same way an attacker will. This is not a one-and-done proposition since you’ll never be able to manage your risk daily if you don’t know where you’re vulnerable. As a result, automated AI-driven tools are readily available to perform that continuous function for you today.”

Finally, Roy Akerman, Co-Founder & CEO, Rezonate, had this to say:

   “Local government offices continue to be a target for ransomware groups as we’ve seen for the past couple of years. For the most part, their infrastructure is outdated, their controls are not tuned and therefore, in the case of a compromise, the impact is greater than it should be resulting in a complete disruption of operations.

   “The Royal ransomware group has been known to use a mix of old and new techniques to lure victims to install a remote desktop malware from which they can extend reach and encrypt critical files. Controls against Ransomware threats must be implemented as well as practices to contain and recover without paying the ransom.”

Local governments really need to focus on not being a “target rich environment” for threat actors by improving their security posture. That’s the only way that situations like this will become less likely to happen.
