Dallas disrupted by hackers – courts closed, police and fire sites offline

By Raphael Satter and Christopher Bing

(Reuters) – Hacker sabotage has disrupted several public services in Dallas, closing courts and knocking emergency services websites offline, officials said on Thursday.

Courts were closed Wednesday and will remain closed Thursday, the City of Dallas said in a series of statements posted to the web. Although the statements said emergency services to residents were unaffected, the home pages of the police and fire service were unavailable as of Thursday and a police spokesperson said the city’s computer-aided dispatch system was hit.

Dallas city officials did not answer Reuters’ questions but said updates would be forthcoming. A Dallas fire official referred questions to the city.

Dallas officials said the cause was ransomware – a form of malicious software that hackers use to scramble data and immobilize networks until an extortion payment is made, typically in digital currency.

The ransomware operation behind the Dallas hack is called Royal, according to two security researchers familiar with the incident. U.S. officials tie the group to the Conti gang of cybercriminals, who in turn have been alleged to operate out of Russia and maintain links to Russian intelligence.

Cybersecurity news site Bleeping Computer, which disclosed the Royal connection earlier, said the hackers hijacked Dallas city printers to print out their ransom notes.

Conti and related groups have been of particular concern since Russia’s full-scale invasion of Ukraine last year, given worries that Moscow could encourage cybercriminals to pressure Ukraine’s Western backers.

In May 2022 the U.S. government offered a reward of up to $15 million for information on Conti, saying it was responsible for hundreds of ransomware attacks. Royal itself has come under increasing scrutiny. In January the U.S. Health and Human Services Department said Royal’s hackers were a “significant threat” to U.S. healthcare providers. In March the U.S. cybersecurity watchdog agency CISA warned that the group was targeting critical infrastructure providers and demanding ransoms of up to $11 million.

Reuters was not immediately able to locate contact information for the Royal hackers. Their darknet website did not appear to be loading properly on Thursday. CISA and the FBI did not immediately return messages seeking comment.

Ransomware operations have had a devastating impact on U.S. companies, organizations and local authorities, notably in Atlanta, which was held hostage by hackers for several days in 2018, and Baltimore, which was hit by online extortionists the following year. Both attacks cost taxpayers millions of dollars.

The scope of the disruption in Dallas has yet to come fully into focus. City officials said Dallas Water Utilities was delaying readings while a spokesperson for the Dallas Public Library, Melissa Dease, said its catalog was down and access to back office systems had been disrupted.

Library users can still check out materials by hand, Dease said.

“You know, old school.”

(Reporting by Raphael Satter and Christopher Bing; Additional reporting by Zeba Siddiqui; Editing by Lisa Shumaker and Daniel Wallis)

tagreuters.com2023binary_LYNXMPEJ430RF-VIEWIMAGE