Dallas faces threat of data leak by Royal ransomware gang
Dallas, one of the largest U.S. cities with a population of almost 1.3 million, has been hit by a ransomware attack three weeks ago. The city's municipal court can't process payments, and all court hearings, trials, and jury duty have been cancelled since May 4, according to a report by The Dallas Morning News.
The disruption to the city's operations is of particular concern, especially in the context of the ransomware attack. Emergency services remain available, but many of the Dallas Police Department's systems are still offline. The disruption caused by the attack has resulted in a weeks-long outage for the city.
Royal, the threat actor behind the attack, listed Dallas on its leak site on the dark web. Mark Lance, VP of digital forensics, incident response, and threat intelligence at GuidePoint Security, suggested that Royal probably didn't hear from Dallas officials for a few days, and listed the city on its leak site. However, Dallas has not confirmed any communication with Royal or the ransom amount.
The ransomware attack has prevented police and prosecutors from accessing critical evidence, impacting murder trials. Brett Callow, threat analyst at Emsisoft, expressed concern about Royal's claim to have details relating to court cases and the police operations seeming to have been significantly disrupted. Royal also threatened to release extensive documents from court cases, medical information, clients' information, and thousands of government documents.
Royal claimed to have personal information of Dallas employees, including contact information, credit card numbers, Social Security numbers, and passport data. However, the city stated there is no evidence or indication that data has been compromised. Measures to protect data are in place according to city officials.
Brett Callow, threat analyst at Emsisoft, shared on Twitter a screenshot of Royal's statement about the data leak. The almost three-week span between Dallas' disclosure of the ransomware attack and the listing on Royal's leak site suggests the parties were communicating until sometime last week.
It's worth noting that another ransomware group, SafePay, listed the city of Dallas on their leak site on the darknet on August 29, 2025. The disruption caused by the ransomware attack in Dallas is more damaging due to its impact on a larger population than most ransomware attacks.
This ongoing situation underscores the importance of cybersecurity measures and the potential devastating effects of ransomware attacks on cities and their citizens. As the situation develops, it's crucial for city officials to keep the public informed and take necessary steps to mitigate the impact of the attack.
Read also:
- InformationWarfare in the Modern Era: Enhancing an Information Strategy for today's Battlefield and Botnet Threats
- U.S. intelligence leader alleges UK succumbed to pressure over Apple data access request
- Politician's Rivalry Slips into Online Traps Made for Stealing Information via Social Media Phishes
- Top 46 Significant Tech Firms Based in Toronto
