At the end of a lengthy day of briefings last week, city officials announced they would postpone Chief Information Officer Bill Zielinski’s after-action review on the ransomware attack that took down Dallas servers and gained access to the personal data of more than 30,000 users in May.
The postponement of Wednesday’s briefing also prompted the cancellation of a press conference originally planned for Thursday with Zielinski and Chief Security Officer Brian Gardner.
We’ve got the presentation intended for the Sept. 6 City Council meeting, and we’ll break it down here.
City of Dallas Ransomware Attack
Royal Group performed reconnaissance and staging about a month prior to the May 3 ransomware attack, city officials said in the presentation.
The hack disrupted city operations, including 311, online building permits, library systems, and the Dallas Police Department crime statistics dashboard.
It also damaged equipment and software and necessitated the activation of the city’s Incident Response Plan.
City officials have not commented on whether they paid a ransom, but they have spent a pretty penny on protection against future attacks.
About $9.7 million is specifically targeted for cybersecurity in the 2024 budget and $10.5 million has been flagged for such purposes in the FY25 budget, Zielinski told daltxrealestate.com last month.
City officials have remained tight-lipped since the May attack, citing security concerns, but the City Council has met on the topic in closed sessions several times.
“This is an ongoing criminal investigation and the city cannot comment on specific details related to the method or means of the attack, the mode of remediation, or potential communications with the party launching the attack,” Zielinski said in a public safety briefing less than a week after the hack. “Doing so risks impeding the investigation or exposing critical information that can potentially be exploited by the attacker.”
The Dallas Central Appraisal District was hacked in November and paid about $170,000 in ransom.
Swift Response Against Ransomware
While we don’t have the benefit of dialogue that comes with a council briefing, the presentation appears to tout the city’s swift response to the cyberattack.
The city contained the data breach within a day, according to the presentation. Less than 10 percent of the city’s 14,000 assets were infected, including 230 servers and 1,168 workstations. More than 90 percent restoration was reported within a month.
Chief Financial Officer Jack Ireland authored a memorandum ahead of the planned Sept. 6 presentation that indicated the problem has been resolved.
“As of [Sept. 1], services have been restored and IT operations normalized,” he said.
