Ransomware attacks conducted by hacker groups are becoming more and more common. While most of them target companies, organizations, and individuals, some go big and target cities. Dallas, Texas appears to be the latest victim of the Royal ransomware group.
Dallas Hit by Royal Ransomware
The city of Dallas was forced to shut down its IT systems to prevent the cyberattack from causing any more damage. Police operations have been affected due to the attack, with 911 dispatchers receiving written reports instead of going through the digital dispatch system.
It has since been confirmed by officials that it was a ransomware attack that caused the disruption. Among the impacted was the Dallas County Police Department's website to go offline, which has already been restored, as mentioned in Bleeping Computer.
In a statement from the City of Dallas, it was mentioned that the city's team along with vendors have been working to isolate the attack and remove the ransomware from infected servers and restore services. Proper officials and authorities have been notified of the attack immediately.
Fortunately, reports say that the damage to residents was limited, but the city is still investigating the extent of the attack. Dallas citizens are urged to call 311 if they experience issues with certain city services and 911 for emergencies.
Since many servers and systems have been affected by the ransomware attack, the court system of Dallas had also canceled all jury trials and jury duty between May 2nd through this day. There are still no reports as to when operations will resume.
As a way to deliver news, the hacker organization used the city's network to print out ransom notes. The note stated that if they were reading it, then they had been hit by Royal ransomware, along with a link that allows the city to contact the ransomware group.
The letter states that the attack likely happened because the city decided to "save money" on securi[ty]. They also noted that critical data is encrypted and copied, and can be published online for anyone on the darknet to see.
Read Also: Crown Resorts Confirms Ransomware Attack Following GoAnywhere Data Breach
Royal Ransomware Attack
The hacker group was initially named "Zeon" which was then changed to "Royal" around September 2022. The threat actors conduct their operations through callback phishing techniques where victims would install remote desktop malware.
At first, Royal ransomware used BlackCat's ransomware encryptor but soon developed its own. Similar to Conti, they also drop ransomware notes to make their demands known to the victim and claim responsibility for the attack.
The highest number of successful attacks were carried out by hacker groups such as BlackCat, LockBit, and Royal, according to Trend Micro. The Royal ransomware group was responsible for 10.7% of the ransomware attacks.
Back in early December 2022, the hacker group has beginning to be recognized by the US Department of Health and Human Services warning healthcare organizations of potential attacks from the threat actors.
The Federal Bureau of Investigation has since released an advisory that informs potential victims of tactics, techniques, and procedures, as well as indicators of compromise to help organizations defend themselves from cyberattacks.
Related: Royal Ransomware Takes Responsibility For Queensland University Of Technology Attack
