IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Few Details Released in Dallas Ransomware Investigation

The city of Dallas has given some updates and continues to use workarounds for some departments.

Dallas City Hall entrance.
Four weeks into Dallas’ ransomware attack, the city’s communications, outreach and marketing director emailed directions to the mayor and City Council to share little to no details about how it’s being handled.

Catherine Cuellar told elected leaders and some top administrative officials in an email obtained by The Dallas Morning News to stick to a handful of sentences when asked by residents about the cyber attack.

She responded with the same talking points she told elected officials to use when she was forwarded questions sent by The News to a council member.

“Please rest assured we are working with third-party experts and law enforcement and our investigation is ongoing,” she wrote to The News. “We will share updates as appropriate.”

What was shared includes:
  • The city has made strides in getting systems back up for several departments, including police, fire, water and 311.
  • City officials have developed workarounds so the library and animal services can serve the public as systems are being restored.
  • The city is adding more cybersecurity software, resetting city user accounts and “completely rebuilding impacted systems in a new, secure environment.”

Since the attack, developments to the public have mostly been through brief updates on the city’s website. City officials have declined to say if the city has been issued any ransom or to release specific details related to the attack or recovery, citing an ongoing criminal investigation involving the FBI.

The city’s municipal court reopened for business Tuesday and has resumed some hearings as of Wednesday, such as proceedings for parking violations. People have also been able to pay for citations and documents online and in person for the first time since the May 3 attack. They were previously only able to make payments via mail due to the court being unable to process payments or hold hearings.

The city said several servers were compromised with ransomware early May 3 and that it intentionally took others offline to prevent the bad software from spreading. During a May 8 City Council committee meeting, CIO Bill Zielinski said the city put in preventative measures that helped limit the effect of the ransomware attack, but city officials haven’t elaborated on what those were.

The city in mid-May said it could take several more weeks or months to fully restore the system from the ransomware attack, which includes reviewing and cleaning servers and devices to make sure they are safe to use.

©2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.