Dallas County Blocks Attempted Ransomware Attack

Dallas County officials said that an attempted ransomware attack has been stopped as of Oct. 31.

The county became aware of the attack Oct. 19.

“Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems,” a notice on the county’s website reads. “It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems.”

These measures included:

• Extensive deployment of an Endpoint Detection and Response tool across servers and endpoints connected to the network.
• Forcing password changes for all users to grant access to county systems.
• Mandating multi-factor authentication for remote access to the network.
• Blocking ingress and egress traffic to IP addresses identified as malicious.

Once the incident was detected, the county retained external cybersecurity efforts to assist in efforts to contain the threat, investigate the scope and nature of the attack, and enhance security efforts to prevent similar incidence in the future.

Work with the cybersecurity firm remains ongoing.

“While our goal is to be transparent and forthcoming with information relating to the incident, we do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances,” the notice reads. “Because accountability is important to us, however, we are sharing additional information relating to our containment efforts.”

The Dallas Morning News reported that hacking group Play posted on the dark web that it had stolen information from Dallas County and planned to publish the information on Nov. 3.