Dallas County ‘interrupted’ data exfiltration, prevented encryption after attack


Dallas County provided an update on the ransomware attack that was reported this week, telling residents that they were able to stop the incident before the hackers could encrypt files or systems.

On Monday, the county of nearly 3 million residents confirmed it was dealing with a cybersecurity incident after the Play ransomware gang claimed it breached their systems this weekend.

On Tuesday evening, the county released a follow-up statement providing more details about the incident. “Due to our containment measures, Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems,” they said.

“It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems.”

They attributed their defensive success to the deployment of endpoint detection and response (EDR) tools, forced password changes, multi-factor authentication and more.

They did not explain how the hackers initially got into their systems but said “there is no evidence of ongoing threat actor activity in our environment.”

“Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County’s systems are secure for use,” they said, adding that the initial attack only affected a portion of their network.

The county hired an unnamed cybersecurity company to assist in their remediation efforts after the attack was discovered — the investigation is ongoing.

Counties have faced a barrage of attacks in 2023 as ransomware gangs focus their efforts on government bodies with the least amount of protections.

Ransomware gangs have caused significant issues to county government systems in Delaware, California, South Carolina, New Jersey, Oregon, Florida, Ohio, Wisconsin, Mississippi, West Virginia, Georgia, and Missouri.

Earlier this year, a major county in New York outlined the months-long devastation caused by a 2021 ransomware attack, explaining that police departments, tax offices and even basic government functions were hampered by the incident.

The Play ransomware gang has continued its streak of high-profile attacks this year. The group caused outrage with its attack on the city of Oakland, which is still dealing with the ramifications of its February attack.

The Swiss government warned in June that the hackers stole data on citizens after an attack on one of their IT providers.

The ransomware gang first emerged in July 2022, targeting government entities in Latin America, according to Trend Micro, and has also attacked the Massachusetts city of Lowell and Belgium’s Antwerp as well as several companies across Europe.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Medical firm reaches $100,000 settlement with HHS over 2017 ransomware attack

Next Post

An info-stealer campaign is now targeting Facebook users with revealing photos

Related Posts

Microsoft, OpenAI move to fend off genAI-aided hackers — for now

Of all the potential nightmares about the dangerous effects of generative AI (genAI) tools like OpenAI’s ChatGPT and Microsoft’s Copilot, one is near the top of the list: their use by hackers to craft hard-to-detect malicious code. Even worse is the fear that genAI could help rogue states like Russia, Iran, and North Korea unleash unstoppable cyberattacks against the US and its allies.The bad news: nation states have already begun using genAI to attack the US and its friends. The good news: so far, the attacks haven’t been particularly dangerous or especially effective. Even better news: Microsoft and OpenAI are taking the threat seriously. They’re being transparent about it, openly describing the attacks and sharing what can be done about them.To read this article in full, please click here
Omega Balla
Read More