The hacker group responsible for an ongoing ransomware attack against the City of Dallas says they will leak 鈥渢ons of personal information鈥 about city employees. That鈥檚 according to a blog post from the group, first reported by The Dallas Morning News.
The threat comes after the city assured Dallas residents that no personal information had been leaked. The News reports that a blog post uploaded to the hacker鈥檚 website says otherwise.
鈥淲e will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports) 鈥︹ the post said, according to The News.
A statement released by Dallas city officials on Friday afternoon says the city is 鈥渁ware of a post from what appears to be the Royal ransomware group threatening to release city data.鈥
What鈥檚 happened so far
The City of Dallas security monitoring tools identified a likely ransomware attack on May 3 that compromised multiple local servers and knocked the DPD website offline.
鈥淭he City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted,鈥 city spokesperson Jenna Carpenter said at the time of the attack.
A May 8 press release about the attack listed numerous questions about how city servers were infected, if the city would pay any ransom and if personal information would be leaked. But the city says because there is an ongoing criminal investigation into the attack 鈥渢he city cannot comment on specific details.鈥
The statement also adds that 鈥渁t this time the City has no indication that customer information such as billing data or personally identifiable information has been leaked from City systems or databases.鈥 City officials say if that changes, they will reach out to individuals affected by the attack.
City officials said in the most recent update on Friday there is still 鈥渘o evidence or indication that data has been compromised.鈥
A federal warning
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a cybersecurity advisory about the Royal ransomware group in early March.
According to the agency the Royal ransomware operation has been active since around September 2022. The advisory says 鈥淩oyal actors have made ransom demands鈥 for millions in the form of Bitcoin.
In 66% of incidents, the hacker group gains access to sensitive servers with phishing emails. Once infiltrated, the group uses tactics to 鈥渟trengthen their foothold in the victim鈥檚 network.鈥 Federal authorities say 鈥渓egitimate鈥oftware is repurposed鈥 to drive the malicious code deeper into their target鈥檚 servers.
Got a tip? Email Nathan Collins at ncollins@kera.org. You can follow Nathan on Twitter .
四虎影院 is made possible through the generosity of our members. If you find this reporting valuable, consider today. Thank you.
