The City of Dallas announced that an $8.5 million budget has been approved to support the restoration of its systems following a May 2023 ransomware attack.
The incident, the city says in a report detailing the attack, was identified on May 3, when the cybercrime gang named Royal began deploying file-encryption ransomware on multiple systems.
However, the investigation into the matter revealed that the attackers had access to the city’s network for about a month before.
“During this period, Royal conducted data exfiltration and ransomware delivery preparedness activities. Data exfiltration activities carried out during the monitoring period resulted in data leaks totaling approximately 1,169 TB by May 3, 2023.” Dallas said.
During the same period, the cybergang deployed various tools across the city’s network, in preparation for the ransomware deployment, which focused on specific servers.
Immediately after identifying the attack, the city took high-priority services and some servers offline and began restoration operations, but not before ensuring that the Royal ransomware was eliminated from the network.
Dallas notified the Texas Attorney General’s Office of the attack on August 7, revealing that personal information of current and former staff was compromised, including names, addresses, health and health insurance information, details social security and other information.
“To date, the Dallas City Council has approved a budget of $8.5 million for cyber interdiction, mitigation, recovery and restoration efforts directly related to the Royal ransomware attack. This includes external professional cybersecurity services, identity theft and fraud protection services, and vendors offering breach notification services to business partners and individuals who have been exposed to data due to of the attack,” the city announced.
Although suppression and remediation efforts are nearly complete, the final estimated cost related to the attack will be communicated by the end of the year, the city said, adding that a second round of notifications will be sent to affected persons, which will likely result in additional costs. costs as well.
“City leaders are managing internal and external resource costs to ensure Royal is removed from the city’s IT and network resources. Currently, cost estimates align with the Dallas City Council’s initial budget approval. The final cost analysis is not yet complete,” the city added.
Active since September 2022 and operated by a private group, Royal ransomware has been used in attacks targeting various US sectors, including critical infrastructure, communications, education, healthcare and manufacturing.
Related: Organizations warned of Royal Ransomware attacks
Related: Researchers link Royal Ransomware to the Conti group
Related: Healthcare Facilities Warned of Royal Ransomware Attacks