Understanding The Dallas Ransomware Attack
Posted 05 May at 8:57 pm in Productivity
Dallas Police Department Falls Victim to Ransomware Attack
Yesterday, May 3, 2023, the Dallas Police Department (whose site is now back up and running) was met with a security nightmare. The department fell victim to a ransomware attack that was massively disruptive to its day-to-day operations. It is not uncommon for ransomware attackers to target a group where they feel they will cause the most damage: data loss, financial loss, and reputational damage. The Dallas Police Department (DPD) attack is a prime example of just how thought-out and persistent these attackers are. Officers in Dallas were seen using pen and paper to record their day-to-day activity, which is not exactly “strange”, but far from their standard operating procedure.
Ransomware Attacks on Law Enforcement Agencies
It is not uncommon for a law enforcement agency to fall victim to a ransomware attack.
For example, in 2021 the Colonial Pipeline (an American oil pipeline system based in Texas) was disrupted by ransomware attackers. The attack was attributed to a cybercriminal group called DarkSide; the group demanded 75 bitcoin which, at the time, was worth a few million dollars. The pipeline supplies nearly half of the refined oil for the east coast of the United States, so there was really no option other than to pay (they did pay the $4.4 million but later recovered $2.3 million). The incident prompted the U.S. government to issue new guidelines for pipeline operators to enhance their cybersecurity practices.
DPD’s Response to the Ransomware Attack
The DPD reported that the attackers had demanded a ransom of 50 bitcoin (about $3 million) to restore the encrypted data, but the DPD refused to pay and instead relied on its backups to recover the data. The DPD did not disclose the identity or motive of the attackers, but said that the department was working with federal and state law enforcement agencies to investigate the incident.
The DPD’s response to the ransomware attack shows that it had some cybersecurity measures in place, such as backups, incident response plans, and coordination with external agencies. However, the attack also exposed some weaknesses in the DPD’s cybersecurity posture, such as outdated software, lack of encryption, and insufficient staff training. The DPD acknowledged these issues and pledged to enhance its cybersecurity measures to prevent future attacks.
Though we can’t say with 100% certainty why the DPD was attacked in this way, we can draw some conclusions about the attackers’ motive and why they attacked whom they did.
It is almost certain that the attackers were going for high levels of damage. A police department checks this box, along with many others that make it a “no-brainer” of a target. Looked at plainly, a police department would be a target for a variety of reasons.
Broken down to its simplest form, the thought process would likely be a series of questions:
What organization is a necessity to a major city? The local PD.
Do they have money? Yes.
Do they rely on technology? Yes.
Will they pay to recover the data/technology we are holding for ransom? Perhaps; it depends on the backups they have (if any).
If so, how much? The initial thought here is likely that the DPD was willing to pay a lot to recover this information. Luckily, they paid precisely $0 to recover their data. But if they hadn’t had backups, one could imagine the price they’d be willing to pay to recover the compromised data and services.
The goal here was to disturb the peace and make money in doing so. The organization that attacked the department was unsuccessful in its road to financial gain, but rather successful in causing civil disruption.
Fortunately, DPD was well equipped with backups and disaster recovery procedures, but regrettably this is not always the case. It isn’t uncommon for a company to fall victim to an attack and have little to no recovery plan in place.
So, what can be learned from the DPD?
Well, always back up your information. Backed it up once? Great, back it up again.
Have a disaster recovery plan in place. Fortunately for the PD, they had a plan and were able to recover a substantial amount of their lost data without having to meet the ridiculous, unethical demands of the criminals.
Though you may have backups, needing to rely on them in an uncertain time is less than ideal, as things don’t always go as planned. Make sure you have steps in place so you are prepared for this sort of incident, and test them before you need them. Take strong preventative measures: enable 2FA (two-factor authentication), use unique passwords, keep your software up to date, use a VPN, and stay informed.
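To make the “back it up, then make sure it will actually restore” advice concrete, here is an added Python example; it is not code from the original post or from the DPD. It builds a SHA-256 manifest of a source tree, checks two backup copies against that manifest, and flags files that are missing, altered (the fingerprint of a file that was encrypted or corrupted in place) or unexpected. All file names and contents are constructed sample data, not anything from the Dallas incident.

```python
"""Restore drill: verify backup copies against a trusted hash manifest.
Added example with constructed sample data; not part of the original post."""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 65536


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup sets need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest.
    In practice, store the manifest where the backup job itself cannot overwrite it."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_copy(manifest: dict[str, str], copy_root: Path) -> dict[str, list[str]]:
    """Compare one backup copy against the trusted manifest.
    'altered' is what a file encrypted or corrupted in place looks like;
    'missing' and 'unexpected' catch deletions and foreign files."""
    actual = build_manifest(copy_root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "altered": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def copy_is_restorable(result: dict[str, list[str]]) -> bool:
    """A copy is safe to restore from only when every category is empty."""
    return not any(result.values())


def restore_drill() -> dict[str, dict[str, list[str]]]:
    """Constructed scenario: a source tree and two backup copies (the 'back it
    up again' advice). Copy A stays intact; copy B is damaged the way an
    encrypted-in-place file, a deleted record and a stray file would show up."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp, "source")
        copy_a = Path(tmp, "copy_a")
        copy_b = Path(tmp, "copy_b")
        for root in (source, copy_a, copy_b):
            (root / "reports").mkdir(parents=True)
            (root / "reports" / "incident_0001.txt").write_text("constructed sample record\n")
            (root / "roster.csv").write_text("badge,name\n0000,constructed\n")

        manifest = build_manifest(source)

        # Damage copy B: overwrite one file with random bytes (stands in for
        # ciphertext), delete another, and drop in a file that was never backed up.
        (copy_b / "roster.csv").write_bytes(os.urandom(64))
        (copy_b / "reports" / "incident_0001.txt").unlink()
        (copy_b / "stray_file.txt").write_text("constructed unexpected file\n")

        return {
            "copy_a": verify_copy(manifest, copy_a),
            "copy_b": verify_copy(manifest, copy_b),
        }


if __name__ == "__main__":
    for name, result in restore_drill().items():
        status = "restorable" if copy_is_restorable(result) else "DO NOT RESTORE"
        print(f"{name}: {status} {result}")
```

The point of the drill is that the manifest is taken from a known-good state and kept apart from the backups; a copy that verifies clean is one you can restore from under pressure, while a copy with altered or missing entries tells you before the incident, not during it, that a second copy is needed.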
Cybersecurity is nothing to be taken lightly; luckily for the Dallas Police Department, they were on top of things. With cybersecurity, the best rule of thumb is to hope for the best and prepare for the worst.