Royal Ransomware Attack Continues to Cripple City of Dallas


May 8, 2023

World map

Last week, the Royal ransomware gang claimed the City of Dallas as a victim, disrupting critical services including 911 dispatch systems.

Emergency dispatch was still down in the Dallas 911 call center as of this weekend, with Police and firefighters responding to calls by radio with no details about the incident and forced to use paper and pencil to record addresses.

“Our priority remains the restoration of public safety functions such as Computer Aided Dispatch (CAD) for 911 and 311, as well as public-facing services including websites and payment and permitting systems,” a statement by officials read.

“Each device, webpage, and system will be brought back as soon as safely possible to prevent risking any further setback.”

Some stakeholders criticized Dallas officials for not communicating adequately during the crisis.

““It’s also a serious data breach incident. We have not heard a whisper from the chief of police, the mayor, or the city manager. This should be unacceptable, but here we are,” the Dallas Police Women’s Association tweeted.

“The citizens of Dallas deserve better. The employees of Dallas deserve better. The first responders of Dallas, who put their lives on the line, absolutely deserve better. This should have never even happened. But for God’s sake- say SOMETHING.”

Takeaway: Royal is a really ruthless threat actor group, and this level of disruption of emergency services and other critical operations is exactly what they are after - the more pain for the victims and the bigger the crisis they can cause just works in their favor.

Critical infrastructure, services and systems have never been under more of a threat than they are today in the face of a relentless barrage of ransomware attacks. Royal specializes in targeting critical infrastructure sectors.

While many organizations have stepped up efforts to prepare for a ransomware attack by implementing controls like anti-ransomware and endpoint protection solutions, most organizations have not done the hard work of actually preparing for a ransomware attack to be successful.

In addition to prevention capabilities, organizations need to hold regular tabletop exercises where they can stress test their incident response plans and develop contingencies to account for disruptions to systems and critical services.

Key to these exercises, and fundamental to any response actions, is good communication between all stakeholders, including staff and the general public.  

A disruptive ransomware attack creates enough issues, and a timely response is of the utmost importance. Lack of visibility and clear guidelines leave those impacted in a state of confusion and anxiety.  

Clear, concise communications during a crisis like the one the City of Dallas is experiencing will enhance response efforts and reduce the anxiety these headline-making attacks generate. Everyone should know what they need to be doing, and where they can get answers.

Organizations need to plan for failure, and assume the worst in preparing for any crisis, cyberattacks included. Resilience planning for when controls fail to protect the organization is just as important as prevention planning. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.