Dallas County ‘interrupted’ data exfiltration, prevented encryption after attack


Dallas County provided an update on the ransomware attack that was reported this week, telling residents that they were able to stop the incident before the hackers could encrypt files or systems.

On Monday, the county of nearly 3 million residents confirmed it was dealing with a cybersecurity incident after the Play ransomware gang claimed it breached their systems this weekend.

On Tuesday evening, the county released a follow-up statement providing more details about the incident. “Due to our containment measures, Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems,” they said.

“It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems.”

They attributed their defensive success to the deployment of endpoint detection and response (EDR) tools, forced password changes, multi-factor authentication and more.

They did not explain how the hackers initially got into their systems but said “there is no evidence of ongoing threat actor activity in our environment.”

“Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County’s systems are secure for use,” they said, adding that the initial attack only affected a portion of their network.

The county hired an unnamed cybersecurity company to assist in their remediation efforts after the attack was discovered — the investigation is ongoing.

Counties have faced a barrage of attacks in 2023 as ransomware gangs focus their efforts on government bodies with the fewest protections.

Ransomware gangs have caused significant issues for county government systems in Delaware, California, South Carolina, New Jersey, Oregon, Florida, Ohio, Wisconsin, Mississippi, West Virginia, Georgia, and Missouri.

Earlier this year, a major county in New York outlined the months-long devastation caused by a 2021 ransomware attack, explaining that police departments, tax offices and even basic government functions were hampered by the incident.

The Play ransomware gang has continued its streak of high-profile attacks this year. The group caused outrage with its attack on the city of Oakland, which is still dealing with the ramifications of its February attack.

The Swiss government warned in June that the hackers stole data on citizens after an attack on one of their IT providers.

The ransomware gang first emerged in July 2022, targeting government entities in Latin America, according to Trend Micro, and has also attacked the Massachusetts city of Lowell and Belgium’s Antwerp as well as several companies across Europe.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

