Bill Zielinski, Dallas’ chief information officer, told council members Monday during a public safety committee meeting that monitoring is ongoing to see if any personal information stored by the city shows up elsewhere, such as on the dark web. If it does, the city plans to directly contact people affected.
The city’s network is still being restored after last Wednesday’s ransomware attack, and city servers and devices may need to be replaced to make sure they aren’t corrupted, Zielinski said. He offered no timeline on when all impacted city services will be restored, said state and federal officials are in contact with the city as an investigation continues, and declined to give specific details related to the ransomware attack.
“The city cannot comment on specific details related to the method or means of the attack, the mode of remediation or potential communications with the party launching the attack,” Zielinski said. “Doing so risks impeding the investigation or exposing critical information that can potentially be exploited by the attacker.”
Zielinski said the city intentionally took electronic systems, services and devices offline after detecting the ransomware early Wednesday to prevent it from spreading.
Monday marked the first time outside of news releases the city publicly addressed the infiltration that caused widespread system outages. The attack disrupted several city departments, including causing the municipal courts to close; stopping residents from paying their water bills online; and forcing first responders to use radios, pens and paper to respond to and keep track of emergency calls.
Zielinski said the city couldn’t accept new applications for building permits until Sunday.
The city on Thursdayidentified a group called Royal as behind the ransomware, which is a type of software used to threaten to publicly release data stored by organizations unless a payment is given. One common way such attacks happen is through phishing campaigns that trick people into downloading malicious software or sharing their username and password.
Council member Cara Mendelsohn said she believed this latest incident highlighted the city’s need to better invest in its IT system and consider restructuring how the department functions in the city.
“We seem to have a lot of instances with public safety, and it may need to be that that’s separated,” she said. “I hope that we’ll begin to look at that after we recover from this incident.”
Council member Gay Donnell Willis suggested the city consider using a portion of a proposed $1 billion bond program on IT. That bond program could come before voters as early as next year.
Zielinski said websites for the city and police department should be back up and running Monday and some parts of the city’s computer-aided dispatch system are also being restored. According to the city, 1,900 police and fire mobile devices are being tested to make sure they can safely be used and the dispatch system could be fully restored by this week.
After an about 10-minute overview by Zielinski and brief statements from council members, the group went into executive session to further discuss the attack. They returned after an hour in closed session and ended the meeting after the committee had no further questions to ask in public.
© 2023 The Dallas Morning News. Distributed by Tribune Content Agency, LLC.