It’s been more than three weeks since a ransomware attack forced the city of Dallas’ information and technology services department to take servers offline in an attempt to contain any malware. Since then, the department has worked to bring servers back online as staffers determine it’s safe to do so.
The city’s websites and pages are back online. Residents can call 311. Functionality is returning to 911 dispatch. The development services department can issue permits again. You can pay your water bill.
But a lot is still not working—libraries can’t check books back in, so patrons are being asked to keep their books until they can accept returns. The municipal court system is still on pause until at least Tuesday. The City Council can’t vote electronically at meetings. The Dallas Police Department still cannot access some data. Other city staffers privately grumble about being unable to open some files.
The city has remained tight-lipped about the scope of the attack, citing an ongoing investigation. Statements insist that no personal information was obtained in the attack. Royal, the group claiming responsibility for the attack, says the opposite.
“So, we are going to indicate that the data will be leaked soon,” the group said on its website on May 19. “We will share here in our blog tons of personal information of employees (phones, addresses, credit cards, SSNs, passports), detailed court cases, prisoners, medical information, clients’ information and thousands and thousands of governmental documents.”
The city, in turn, said it was “aware” of the claim. “We continue to monitor the situation and maintain there is no evidence or indication that the data has been compromised.”
The city won’t say how it’s so certain, which servers were impacted, or whether it will pay any ransom. In public briefings, Dallas Chief Information Officer Bill Zielinski has said that the work of restoring servers and bringing devices online has been painstaking.
“Once an environment has been infected, there really is no way to guarantee the ransomware is gone unless devices and applications have been completely wiped or wholly replaced,” Zielinski said earlier this month in a Council Public Safety Committee meeting. “This has to be done in a very deliberate and thorough manner, or you risk further infection within your network.”