Dallas County could become the latest victim in a series of local cyberattacks after a ransomware group claimed to have obtained county information on the dark web over the weekend.
County officials said Monday they were made aware of a “cybersecurity incident” on Oct. 19, but did not provide further details.
“We immediately took steps to contain the incident and engaged an outside cybersecurity firm to conduct a comprehensive forensic investigation,” County Judge Clay Lewis Jenkins said in a statement.
In a statement, the county said it has implemented strict security protocols and is working with cybersecurity experts and law enforcement to address the situation. He declined to elaborate on the incident, saying it was still under investigation. Lewis Jenkins' office declined further comment.
Commissioner John Wiley Price said the county knew about the alleged attack before the ransomware group posted it on the dark web. Price said the county has not verified claims that the group breached county systems and is investigating whether a breach occurred.
“All we know is that it's a claim,” he said in an interview. “We have not verified any claims at this time.”
The Dallas Police Department issued an internal email Monday asking its employees not to log into law enforcement portals shared with Dallas County, upload or download evidence, or open attachments or links from Dallas County email addresses. I warned you.
District Attorney John Clouzot said the incident could impede the ability of lawyers and prosecutors to upload documents into court.
“If there is a bigger problem, I haven't been made aware of it, and no one in my office has said that my ability to do my job has been compromised,” Clouzot said in an interview.
Cyber experts posted dark web screenshots on X (formerly Twitter) of a cyber hacking group that claims to receive information from Dallas County. According to the screenshot, the hacker created the post on October 28th.
Brett Callow, a cyber threat analyst at cybersecurity firm Emsisoft, said such hackers are usually criminals and may lie to authorities, but once they have information from an organization on the dark web, When they announce, they usually say they actually have the information.
“They may be exaggerating the amount they receive, but they usually tend to get at least some,” he said in an interview.
Ransomware group Play claimed responsibility for the attack. Callow said little was known about the group, which became public in the middle of last year. While some groups that brag about their hacks typically include some files in their posts as examples of what they obtained from government agencies, school districts, and companies, Callow said Play tends to keep little information public. That's what it means. Other media reported that the cyber terrorist group also attacked Oakland, California.
Play's post threatens to release information stolen from Dallas County on Nov. 3.
Once a cyber-hacking group gains access to an organization's systems, the attackers can steal information or lock the entire computer system, with no return on the attacker's promise to delete copies of the stolen information or to restore access to the organization. Carrow said the organization will be forced to pay up. system. If the organization refuses to pay a ransom for the information, the hacker threatens to publish the stolen files on the dark web.
Callow questioned why Dallas County didn't notify the public as soon as officials learned of the breach.
“My personal feeling here is that people's personal information may have been compromised. They should immediately tell them that it may have been compromised,” he said. “They know to monitor their bank accounts and do whatever they want to avoid becoming a victim.”
At least 72 local governments in the United States have been affected by ransomware this year, according to Emsisoft, which helps recover data stolen in ransomware attacks.
“My gut feeling is that this is shaping up to be the worst year in terms of organizational compromise,” Callow said.
Dallas has seen multiple attacks recently, including attacks on the City of Dallas and the Dallas Central Appraisal District.
In April, hackers stole more than 800,000 files from the city of Dallas. An internal investigation into the data breach concluded that the Royal Group used stolen online credentials to infiltrate the City of Dallas' systems.
Last November, the rating district suffered on Election Day when the same ransomware group, Royal, froze access to employee computers, email and the district's website. The tax district paid her $170,000 to a ransomware group.
Dallas County has been without a chief information technology officer since July. Price said the county's cybersecurity staff is working diligently.
“Cyber is the part of IT that I don’t have any concerns about,” he said. “We have the right people.”
Staff writer Kelli Smith contributed to this report.
