The county announced on its website that its IT staff interrupted an attempt to steal data and “effectively prevented any encryption of its files or systems.”
“Currently, there is no evidence of ongoing threat actor activity in our environment,” the county statement said. “Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County’s systems are secure for use.”
The statement also said, “We do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances.”
On Monday, the county issued a response to a cyber hacking group’s post on the dark web that said it had stolen county data. Dallas County Judge Clay Lewis Jenkins acknowledged there had been a “cybersecurity incident,” but few details were shared.
The ransomware group Play posted on the dark web that it had stolen information from Dallas County. Play’s post threatens to publish the information on Nov. 3.
Commissioner Theresa Daniel, who heads the county IT committee, said she was cautiously encouraged by what she’s read thus far but is waiting for the investigation to answer further questions.
“We’ve got top notch experts to assess what happened, if anything was taken and to put in measures to avoid it from happening again,” she said in a text message.
Commissioner John Wiley Price previously told The Dallas Morning News that the hacker’s post was nothing more than a claim that was being investigated by staff and contractors.
“We just know that it’s a claim,” he said Monday. “We’re not validating any claim at this time.”
Murat Kantarcioglu, a computer science professor at the University of Texas at Dallas, said that he still has questions after reading the county’s statement. If the county stopped the attack, he said it still isn’t clear whether the hackers stole any information before they were kicked out of the system.
Oftentimes once hackers have gained access to an organization’s system, they will snoop around for information, extract it, then encrypt the system and leave a ransom note on devices. Kantarcioglu said if the county cut the hackers’ access mid-attack, they still could have pilfered some information.
Kantarcioglu, who focuses on cybersecurity and data privacy, said that most of the time once hackers post a ransom demand claiming to have information on the dark web, hackers have collected at least some data.
“I don’t suspect they are bluffing, but how much they have we don’t know,” he said.
The county’s Tuesday statement said its system was able to stave off a full attack due to bolstered measures.
According to the county, security measures include requiring multi-factor authentication for remote access to the network, forcing frequent password changes for all users, monitoring devices accessing the network and reviewing potentially malicious IP addresses attempting to access or remove content from the county network.
Kantarcioglu said if the statement is true, Dallas County came away from the cyber attack better than most organizations.
“This is a good example of investing in cybersecurity,” he said. “If you invest, it will help reduce the impact of the attack.”
Commissioner Elba Garcia said she’d like to see the county hire an IT director, a position that has been unfilled since July.
“We need a new IT director as soon as possible,” she said. “Someone with experience and can put a team together that can look into the future and solve some of the big problems in Dallas County.”
Brett Callow, an analyst with cybersecurity firm Emsisoft, previously said that the ransomware group Play became public in the middle of last year. The group usually shares little information in its dark web posts, unlike other groups that can include samples of stolen files.
The hacking scare had Dallas County employees and partners worried.
The Dallas Police Department directed employees Monday to not log into the law enforcement portal shared with Dallas County, upload or download evidence or open attachments or links from Dallas County email addresses.
Miguel Hernandez, the local chapter president of the National Latino Peace Officers Association, said that he has cautioned members to monitor their bank accounts.
Hernandez, who works at the Dallas County Sheriff’s Department, said that the county’s payroll issues earlier this year — hundreds of employees were not paid on time due to an upgraded financial system — have left employees worried that the cyber attack would affect their pay.
Hernandez said the IT issue has left employees troubled.
“We’re all worried about them getting into our bank accounts, not just the sheriff department — the whole county,” he said.
Cyber terror groups have been hitting the Dallas area hard this year. The city of Dallas was attacked in April, when hackers stole more than 800,000 files. An internal review of the data breach concluded that the ransomware group Royal used stolen online credentials to get into the city’s system.
That same group of hackers had also hit the Dallas Central Appraisal District in November 2022 on Election Day. Employees’ access to computers, emails and the district website was frozen. The tax appraisal district paid $170,000 to regain access.
At least 72 local governments in the U.S. have been affected by ransomware this year, according to Emsisoft, which helps recover data stolen in ransomware attacks.
©2023 The Dallas Morning News, Distributed by Tribune Content Agency, LLC.