Dallas City Council receives update on May ransomware attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

DALLAS — On Wednesday, details surrounding the ransomware attack that has plagued the City of Dallas since May started to come into focus.

According to an after-action report delivered at Dallas City Council, hackers used stolen online credentials to get into the city of Dallas’ system and steal files. Ultimately, the report said, a “small amount” of “sensitive data” was accessed. But, according to Dallas Chief Information Officer Brian Gardner, the majority of the data breached was “not sensitive.” 

Dallas information technology officials said hackers with a group called Royal began their attack on April 7. City officials said the hackers were able to connect to a city server and give themselves remote access to the system. Per the after-action report, Royal downloaded almost 1.2 terabytes of data through that server, and launched a ransomware attack in the early morning hours of May 3.

The after-action report said the attack was contained the very next day, on May 4.

Still, Royal’s attack shut down city servers and services for weeks. 

The after-action report itself comes four months after the attack after its presentation was delayed at previous council meetings.

The most sensitive information accessed included medical and health insurance information, the report said. Hackers were also able to acquire social security numbers, the report revealed.

In August, the city said, some 27,000 letters that were mailed to people impacted by the attack informed them of the leaked information, and offered them two years of free credit monitoring. 

“Our investigation to date has indicated that some of your sensitive personal information was impacted,” the letter read. “The information included your name, address, SSN, Date of Birth, Insurance Information, Clinical Information, Claims Information, Diagnosis.”

WFAA spoke to people impacted by the hack, including Dallas Police Association President Mike Mata. Mata said his biggest concern about the hack is the lack of transparency from the city surrounding it.

“The city should have taken proactive steps in the very beginning, rather than having to be pushed for it,” Mata said. “We advocated years ago to separate our databases from the city to prevent this from happening. And that was not done. So, hopefully the city realizes that there are some city services and critical infrastructures that have to maintain service availability.”

In total, 30,253 people’s information was exposed. But city officials said that number could still increase as further reviews continue.

On August 9, the Dallas City Council approved setting aside more than $8.5 million for hardware, software and forensic analysts in response to the ransomware attack.

Gardner said the city is 99.9% back to normal operations — an improvement from the 90% resumption of operations he reported in June.


Click Here For The Original Source.

National Cyber Security