City of Dallas residents are still dealing with some delays and disruptions following a Wednesday ransomware attack which affected some city websites and services. City officials say that a group called Royal initiated the attack.

Police and fire service to residents weren’t affected by the attack, however, according to reports the 911 call center had to operate without computer dispatch.

On Wednesday, May 3 city of Dallas officials announced that security monitoring tools notified the Security Operations Center (SOC) that a likely ransomware attack had been launched within the city’s environment.

“Since City of Dallas’ Information and Technology Services (ITS) detected a cyber threat Wednesday morning, employees have been hard at work to contain the issue and ensure continued service to our residents,” City Manager T.C. Broadnax said in a statement. “For those departments affected, emergency plans prepared and practiced in advance are paying off. We apologize for any inconvenience and thank residents for their understanding as we continue to work around the clock until this issue is addressed.”

In a statement released early Thursday, the city announced that ITS and its vendors are continuing to work around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments.

“This egregious cyberattack is an example of the pervasive threat that predatory cybercriminals pose to everyone from multinational businesses to local governments,” said Darren Guccione, CEO and Co-Founder at Keeper Security. “No one is safe from cybercrime and often the most vulnerable among us are the most likely to be targeted or victimized. In this case, threat actors targeted city operations that could have caused a major disruption to 911 and emergency operations. From a positive perspective, the city’s security monitoring tools appear to have served their intended purpose by alerting the city’s response team.”

Security leaders weigh in

 “This attack in Dallas is particularly concerning because it affects local police and underscores the fact that ransomware gangs are willing to put public safety at risk to ensure their ransom demands are met,” said Kendall Larsen, President & CEO, VirnetX. “Unfortunately, this is not an isolated incident and we continue to see municipalities across the nation being targeted by similar attacks.”

“Now that the ransomware has been contained, the next step for Dallas officials is to take stock of the damages and what it’s going to take to recover,” Guccione added. “Ideally, IT teams will be able to restore compromised systems with a recent backup. City leaders will also need to prioritize getting the most critical systems and networks back online, such as the city’s emergency dispatch system. Depending on how long the recovery process takes, some systems will likely remain offline longer than others.

“In cases where personal information is stolen, the impacts of the data breach persist even after it’s been discovered and contained,” Guccione said. “If the threat actors did manage to steal personal information in this attack, they can use it for identity theft and targeted cyberattacks down the road. Also, be aware that the cyberattack may not be completely over.”