Dallas County ‘halted’ data exfiltration and prevented encryption after attack


Dallas County provided an update on the reported ransomware attack this week, telling residents they were able to stop the incident before hackers could encrypt files or systems.

On Monday, the county of nearly 3 million residents confirmed it was facing a cybersecurity incident after the Play ransomware gang claimed to have breached its systems over the weekend.

Tuesday evening, the county released a follow-up statement providing more details about the incident. “As a result of our containment measures, Dallas County has halted the exfiltration of data from its environment and has effectively prevented any encryption of its files or systems,” they said.

“It appears that the incident was effectively contained, in part due to the measures we implemented to strengthen the security of our systems.”

They attributed their defensive success to the deployment of endpoint detection and response (EDR) tools, forced password changes, multi-factor authentication and more.

They did not explain how the hackers initially got into their systems, but said that “there is no evidence of continued threat actor activity in our environment.”

“Given these measurements and findings, it appears at this time that the incident has been successfully contained and that Dallas County systems are secure,” they said, adding that the initial attack had only affected part of their network.

The county hired an unnamed cybersecurity firm to help with its remediation efforts after the attack was discovered – the investigation is ongoing.

Counties have faced a barrage of attacks in 2023, as ransomware gangs focus their efforts on government agencies with the fewest protections.

Ransomware gangs have caused significant problems to county government systems in Delaware, California, Caroline from the south, New Jersey, Oregon, Florida, Ohio, Wisconsin, Mississippi, West Virginia, GeorgiaAnd Missouri.

Earlier this year, a major New York county described the devastation that lasted for months caused by a ransomware attack in 2021, explaining that police departments, tax offices, and even basic government functions were hampered by the incident.

The Play ransomware gang continued its string of high-profile attacks this year. The group sparked outrage with its attack on the city of Oakland, which is still grappling with consequences of his February attack.

The Swiss government warned in June that hackers had stolen citizens’ data after an attack on one of their IT suppliers.

The ransomware group first appeared in July 2022, targeting government entities in Latin America, according to Trend Microand also attacked the town of Massachusetts Lowell and Belgium Antwerp as well as several companies across Europe.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Leave a comment