According to media reports the City of Dallas has fallen victim to a ransomware attack that has affected several critical systems and services, including 911 emergency response, financial transactions, and public communications. The attackers, a group named “Royal Ransomware”, are believed to have gained access to the City’s systems via phishing attack.
Phishing attacks typically involve fraudulent emails, text messages or phone calls that appear to come from a reputable source (for example a subscription service) that can trick people into downloading malware to their device, or convince them to part with sensitive data such as credit card or bank account details.
While the city’s IT team has responded quickly to isolate the affected systems, the attack has still caused significant disruption and inconvenience to residents and businesses. For part of the day, 911 call dispatchers had to manually write down call reports to pass to officers instead of using their automated dispatch system. Additionally, court systems went down, resulting in some jury trials being cancelled. In a media statement, officials confirmed the attack:
“”Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment. Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website,”
“The City is currently working to assess the complete impact, but at this time, the impact on the delivery of City services to its residents is limited.”
There has been no indication as of yet if a ransom demand has been made.
What have we learned?
This incident highlights the importance of cybersecurity awareness, education, and resilience for all organisations, regardless of their size or sector. Here are some key takeaways from the Dallas ransomware attack:
Cyber threats are real and evolving
Ransomware attacks are a growing trend among cybercriminals, who use them to extort money from vulnerable targets. Organisations must stay informed about the latest threats and trends and implement appropriate security measures to reduce their risk exposure.
Regular vulnerability assessment is key
Organisations that don’t take stock of their cyber vulnerabilities leave themselves open to attack. Cyber criminals are a constant threat that need constant surveillance. Implementing systems to scan for vulnerabilities as they appear, regularly updating software and systems, and prioritising vulnerabilities by risk level makes it harder for criminals to access sensitive data.
Humans are the weakest link
Many cyber attacks exploit human errors and behaviour, such as clicking on suspicious links or downloading malware. Organisations must train their employees and contractors on how to detect and avoid cyber threats, and foster a culture of cyber security awareness and responsibility. Penetration testing with phishing simulation emails can help business leaders to assess where their team is in terms of cyber security awareness, so any training gaps can be plugged.
Backup and recovery are essential
Even if an organisation falls victim to a ransomware attack, it can minimise the impact by having a reliable incident response plan. Regularly backing up critical data and testing the recovery process can help organisations restore their operations faster and avoid paying the ransom.
We can help
Find out how to protect your business from cyber security threats by contacting a member of our team today by emailing [email protected]