Hacking group that infiltrated City of Dallas servers threatens to leak sensitive info

The criminal organization that infiltrated servers from the City of Dallas is threatening to leak names, social security numbers and credit card information if the city does not pay a ransom.

Experts say it is hard to know if the group, known as Royal, is bluffing or if they really did manage to steal the data.

"Sometimes the data, the logs can be so badly scrambled, it's simply not possible to work out what was taken," said cybersecurity expert Brett Callow.

Related

City of Dallas attacked by ransomware gang 'Royal', city services still affected

The Dallas Public Library, Dallas Water Utilities, courts and more have been affected by the cyberattack.

It has been 17 days since Royal infiltrated Dallas's computer network with ransomware

Callow, a threat analyst with Emsisoft, says it is likely the city still doesn't know if data was, in fact, stolen.

"Forensic investigations that are needed to work out where the data was taken and what was taken can take months," he said.

Friday, Royal posted a threat on its website starting with the City's own words.

Post on Royal's website

"There is still no indication that data from residents, vendors, or employees has been leaked," Dallas said Monday in a statement. 

Royal mocked the statement saying, "We are going to indicate that the data will be leaked soon. We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports) and thousands and thousands of government documents."

The city responded to a post with a statement of its own.

Callow says the city is choosing its words carefully, but even if there was private information stolen, he says paying the criminals does not guarantee the information will be protected.

"Absolutely none, and there have certainly been multiple cases in the past where organizations are paid for data to be deleted, only for that data to reappear later or to be used in a second extortion attempt," Callow said.

The attack is having ripple effects around the city, and it's affecting justice in the courts.

That's what Douglas Huff, President of the Dallas Criminal Defense Lawyers Association, tells us.

"We've started to see in the courtrooms where they're not able to move forward with trials because they can't access their evidence," said Huff.

The Dallas County District Attorney's Officer released a statement Thursday saying, "To ensure the continuity of justice, we have established alternative communication channels."

But Huff says the immediate impact is felt by both families of victims and those accused of crimes.

"This is justice purgatory," Huff said. "We're not talking about dollars and cents. We're talking about people's lives."

Related

Dallas police data loss: IT employee reckless, but no malicious intent, report finds

The report released last week cost the city $500,000. The major conclusion is the city still has a lot of work to do to protect the city's data.

The ransomware is compounding problems for defense attorneys and prosecutors still working to overcome a huge loss of DPD data in April 2021.

An investigation concluded an employee accidentally deleted 22 terabytes of data.

Huff says the work to recover the lost data is now on hold due to the ransomware attack.