(844) 627-8267
(844) 627-8267

Dallas officials instructed to give little insight to the public | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Now four weeks into Dallas’ ransomware attack, the city’s communications, outreach and marketing director emailed to the mayor and City Council on Wednesday directions to share little to no details about how it’s being handled.

Catherine Cuellar told elected leaders and some top administrative officials in an email obtained by The Dallas Morning News to stick to a handful of sentences when asked by residents about the cyberattack:

  • Thank you for your inquiry.
  • Rest assured we are working with third-party experts and law enforcement and our investigation is ongoing.
  • We will share updates as appropriate.

The elected leaders are also asked to refer people, including members of the media, to the city’s communications team.

“If pressed for additional details: ‘This is all the information I have to share at this time’,” Cuellar wrote in the email. “‘As the investigation progresses, the city will share additional information with you, as appropriate.’”

Cuellar responded with similar talking points when The News sent questions to a council member.

“Please rest assured we are working with third-party experts and law enforcement and our investigation is ongoing,” she wrote to The News. “We will share updates as appropriate.”

When The News followed up to ask why city officials are limiting what elected leaders say about the May 3 ransomware attack, Cuellar did not say.

Instead, she responded to a separate question about the lack of clarity surrounding the impacts of the attack, which have not been fully laid out.

Cuellar said the city has made strides in getting systems back up for several departments, including police, fire, water and 311. She also said city officials have developed workarounds so the library and animal services can still serve the public as their systems are being restored.

She said the city is adding more cybersecurity software, resetting city user accounts and “completely rebuilding impacted systems in a new, secure environment.”

“Serving our residents remains a top priority, and while we restored most services, our team of experts continues working day and night towards full recovery,” she said.

Since the attack, developments to the public have mostly been through brief updates on the city’s website. City officials have declined to say if the city has been issued any ransom or to release specific details related to the attack or recovery, citing an ongoing criminal investigation involving the FBI.

The City Council has been receiving updates in closed session meetings to discuss Dallas’ network security and other issues related to the incident.

Council member Cara Mendelsohn, who responded to an inquiry from The News about the attack before Cuellar’s email was sent, said she believes the city needs to invest more money into its information technology infrastructure. Several other council members either declined comment or didn’t immediately respond for comment Wednesday.

Mendelsohn noted a proposed $1 billion bond package that city officials plan to put before voters in 2024 may be one way to quickly pour more money into the city’s IT, which has also recently been suggested by council member Gay Donnell Willis.

“The city has underfunded IT hardware and software for decades, and we must invest in the modern and sophisticated software and hardware needed to meet the challenges of cyber criminals and the service needs of our employees and residents,” Mendelsohn told The News. “The cost of old hardware, outdated software and understaffed and undertrained staff is too great a risk for our city and residents.”

The city has approved deals to improve Dallas’ defense against bad software in recent years.

The City Council in November 2021 approved a four-year, more than $453,000 contract with Houston-area firm Virtuo Group for citywide cybersecurity awareness training and support services for the city’s IT department.

A week before the May 3 ransomware attack, the City Council approved a three-year, more than $873,000 contract with Houston-based technology service provider Netsync Network Solutions. The deal called for the group to help the city get a threat detection option for devices such as city servers and employees’ desktops and laptop computers.

The city said May 6 that cybersecurity vendor CrowdStrike was helping IT workers make sure infected city devices are quarantined and cleaned to prevent the spread of any viruses.

The City Council last September approved a $10.4 million contract with McGriff Insurance Services to secure insurance policies to cover cyber liability, as well as property, flooding, general liability and other coverage for the year.

The city’s public updates thus far haven’t been sufficient for residents like Roger Stierman, who said he is worried if recent threats of data the city stores on residents and employees being released will come true.

City officials have maintained that there is no evidence personal information has been leaked and monitoring is continuing to ensure nothing appears online.

“The biggest issue is all the uncertainty,” said Stierman, who is retired and lives in Far North Dallas. “There’s this black cloud, and we just don’t know what’s going on with the city.”

He said the attack initially impacted his monthly payment of his water bill online, leading to him mailing a check. He also said he still can’t browse the city library’s online catalog, which is one of the systems still impacted weeks later.

“I wish I knew more about what the city is doing that’s working, what to do that would help or what I shouldn’t be doing,” Stierman said. “I hate to say it, but I feel a bit left in the dark and I don’t know if that’s a good thing or not.”

The city’s municipal court reopened for business Tuesday and has resumed some hearings as of Wednesday, such as proceedings for parking violations. People have also been able to pay for citations and documents online and in-person for the first time since the May 3 attack. They were previously only able to make payments via mail due to the court being unable to process payments or hold hearings.

Jim McDade, Dallas Fire Fighters Association president, said the day-to-day equipment the department uses to respond to emergency calls appears to be back up and running as of Wednesday.

A lingering issue is getting data from the calls they respond to, he said. A computer system that connects all the fire stations is still down.

“It’s been slow and tedious as the city is rebuilding servers,” McDade said. “But there’s been little communication to us from management on what’s been going on. You just come into work and that’s how you find out every day what’s up and running.”

The city said several servers were compromised with ransomware early May 3 and that it intentionally took others offline to prevent the bad software from spreading. During a May 8 City Council committee meeting, chief information officer Bill Zielinski said the city put in preventative measures that helped limit the effect of the ransomware attack, but city officials haven’t elaborated on what those were.

The city in mid-May said it could take several more weeks or months to fully restore the system from the ransomware attack, which includes reviewing and cleaning servers and devices to make sure they are safe to use. Ransomware is often used to extort money from organizations by threatening to block access to files or release confidential information unless money is paid.

——————————————————–


Click Here For The Original Source.

National Cyber Security

FREE
VIEW