
Hacker group threatens to leak 'thousands of government documents'

Dallas City Hall (Shutterstock)
A hacker group behind a ransom attack targeting the City of Dallas says it will release personal information.

The hacker group responsible for an ongoing ransomware attack against the City of Dallas says it will leak “tons of personal information” about city employees. That’s according to a blog post from the group, first reported by The Dallas Morning News.

The threat comes after the city assured Dallas residents that no personal information had been leaked. The News reports that a blog post uploaded to the hacker group’s website says otherwise.

“We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports) …” the post said, according to The News.

A statement released by Dallas city officials on Friday afternoon says the city is “aware of a post from what appears to be the Royal ransomware group threatening to release city data.”

What’s happened so far

The City of Dallas’ security monitoring tools identified a likely ransomware attack on May 3 that compromised multiple local servers and knocked the DPD website offline.

“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted,” city spokesperson Jenna Carpenter said at the time of the attack.

A May 8 press release about the attack listed numerous questions about how city servers were infected, whether the city would pay any ransom and whether personal information would be leaked. But the city says that because there is an ongoing criminal investigation into the attack, “the city cannot comment on specific details.”

The statement also adds that “at this time the City has no indication that customer information such as billing data or personally identifiable information has been leaked from City systems or databases.” City officials say if that changes, they will reach out to individuals affected by the attack.

City officials said in the most recent update on Friday that there is still “no evidence or indication that data has been compromised.”

A federal warning

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a cybersecurity advisory about the Royal ransomware group in early March.

According to the agencies, the Royal ransomware operation has been active since around September 2022. The advisory says “Royal actors have made ransom demands” for millions in the form of Bitcoin.

In 66% of incidents, the hacker group gains access to sensitive servers with phishing emails. Once infiltrated, the group uses tactics to “strengthen their foothold in the victim’s network.” Federal authorities say “legitimate…software is repurposed” to drive the malicious code deeper into their target’s servers.

Got a tip? Email Nathan Collins at ncollins@kera.org. You can follow Nathan on Twitter @nathannotforyou.


Nathan Collins is the Dallas Accountability Reporter for KERA. Collins joined the station after receiving his master’s degree in Investigative Journalism from Arizona State University. Prior to becoming a journalist, he was a professional musician.
Pablo Arauz Peña is the Growth and Infrastructure Reporter for KERA News.