(TNS) — Dallas County announced Tuesday that an attempt to hack into the county's computer systems earlier this month was thwarted and officials continue to investigate the incident.
The county announced on its website that IT staff had disrupted the attempt to steal data and “effectively prevented encryption of files and systems.”
“At this time, there is no evidence of continued threat actor activity within our environment,” the county statement said. “Given these actions and the findings of our investigation, the incident has been successfully contained at this time and Dallas County's system appears to be safe for use.”
The statement also said: “We do not want to make premature speculations about the extent of impact or other details that may change as the forensic investigation progresses.”
The county on Monday released a response to a dark web post by a cyber hacking group that claims it stole county data. Dallas County Judge Clay Lewis Jenkins acknowledged there was a “cybersecurity incident” but shared few details.
Ransomware group Play posted on the dark web that it had stolen information from Dallas County. Play's post threatens to release information on November 3rd.
Commissioner Teresa Daniel, chair of the county IT Commission, said she was cautiously encouraged by what she had read so far, but was waiting for the investigation to answer further questions.
“We have leading experts to evaluate what happened, if anything was done, and to take steps to avoid it happening again,” she said in a text message.
Commissioner John Wiley Price previously told the Dallas Morning News that the hacker's post was just a claim being investigated by staff and contractors.
“All we know is that's the allegation,” he said Monday. “We have not verified any claims at this time.”
Murat Kantarcioglu, a computer science professor at the University of Texas at Dallas, said he still has questions after reading the county's statement. He said even if the county stopped the attack, it's still unclear whether the hackers stole any information before being kicked out of the system.
Once hackers gain access to an organization's systems, they often scour and extract information, encrypt the system, and leave a ransom note on the device. Kantarcioglu said even if the county cut off the hackers' access during the attack, they may have been able to steal some information.
Kantarcioglu, who focuses on cybersecurity and data privacy, said that when hackers post ransom demands on the dark web claiming to have information, they have almost always collected at least some data.
“I don't think they're bluffing, but I don't know how much money they have,” he said.
The county's statement Tuesday said the enhanced measures allowed the county's systems to contain the full-scale attack.
According to the county, security measures include requiring multi-factor authentication for remote access to the network, forcing all users to change their passwords frequently, monitoring devices that access the network, and restricting access to the county's network. This includes checking for potentially malicious IP addresses attempting to access or remove content.
Kantarcioglu said if this statement is true, Dallas County has escaped cyberattacks better than most organizations.
“This is a great example of investing in cybersecurity,” he said. “The investment you make will help reduce the impact of attacks.”
Commissioner Elva Garcia said the county hopes to hire an IT director, a position that has been vacant since July.
“We need a new IT director as soon as possible,” she said, “someone with the experience and the ability to put together a team that can look to the future and solve some of Dallas County's biggest problems.”
Brett Callow, an analyst at cybersecurity firm Emsisoft, previously said that the Play ransomware group was made public in the middle of last year. Unlike other groups that can include samples of stolen files, this group typically shares little information in its dark web posts.
The hacking scare had Dallas County officials and partners worried.
The Dallas Police Department on Monday directed its employees not to log into law enforcement portals shared with Dallas County, upload or download evidence, or open attachments or links from Dallas County email addresses.
Miguel Hernandez, president of the local chapter of the National Latino Peace Officers Association, said he warned members to monitor their bank accounts.
Hernandez, who works for the Dallas County Sheriff's Department, said the county's payroll crisis occurred earlier this year (an upgrade to its financial system meant hundreds of employees weren't paid on time), and that employees were worried about the cyberattack. He said he was concerned that it would have an impact on the
Hernandez said IT issues are plaguing his employees.
“We're worried, not just at the Sheriff's Department, but throughout the county, that they're going to break into our bank accounts,” he said.
Cyber terrorist groups have been heavily attacking the Dallas area this year. The city of Dallas was attacked in April and over 800,000 of its files were stolen by hackers. An internal investigation into the data breach concluded that the ransomware group Royal used stolen online credentials to infiltrate the city's systems.
The same hacker group also attacked the Dallas Central Appraisal District on Election Day in November 2022. Employee access to computers, email and the district website was frozen. The tax district paid $170,000 to regain access.
At least 72 local governments in the United States have been affected by ransomware this year, according to Emsisoft, which helps recover data stolen in ransomware attacks.
©2023 Dallas Morning News. Distributed by Tribune Content Agency, LLC.