Heimdal

Officials from Dallas, Texas, declared that the Royal ransomware gang is responsible for a cyberattack that shut down most of the city’s services and knocked the Dallas Police and Fire Rescue departments offline this week.

Since Dallas’ IT workers discovered the ransomware group’s Wednesday morning intrusion into network servers, which resulted in a system-wide outage, the city has been working round the clock to restore online services.

Employees have been hard at work to contain the issue and ensure continued service to our residents. While the source of the outage is still under investigation, I am optimistic that the risk is contained,

Dallas Officials Addressing the Matter (Source)

Royal’s Attack Explained

The city’s police force has had to use a backup radio system to dispatch officers to 911 calls since the attack, but response times have not been affected, according to the Dallas PD’s spokesperson.

It was revealed on Thursday that “a group called Royal initiated the attack”. According to the gang’s profile, before releasing the ransomware and encrypting a victim’s devices, Royal will deactivate the target’s antivirus software and exfiltrate large amounts of data.

Instead of dispatching a ransom note with payment instructions, the threat actors direct their target to contact them on their dark web site. Sources say that they hacked into Dallas city printers and printed out a typed ransom note containing a direct link for the city to make contact. The city’s officials have yet to disclose the exact amount of ransom demanded, but Royal is known to threaten its victims with higher demands than most ransomware groups.

A Cybersecurity and Infrastructure Security Agency (CISA) advisory about the group, released in March, stated that Royal’s ransom demands can range from $1 million to $11 million in Bitcoin. Royal entered the ransomware scene sometime around 2022 and, in some months, outperformed more notorious ransomware groups like LockBit, BlackCat, and Vice Society in terms of the number of attacks.

The CISA report stated that the group was using its own version of the Royal ransomware, which “uses a custom-made file encryption program, evolved from earlier iterations that used ‘Zeon’ as a loader,” to attack vital infrastructure in particular.

We will keep you updated on the situation as more details become available.


Author Profile

Cristian Neagu

CONTENT EDITOR


Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
