The Dallas Central Appraisal District had to pay $170,000 in a ransomware attack in November.
The taxing district was attacked by the world’s most infamous cyber extortion group, but its website is back online.
On Election Day 2022, all 300 of the district’s desktop computers were frozen. Emails didn’t work, and the website was gone, the Dallas Morning News reported. All they could see was an extortion note from Royal Ransomware.
“We are Royal Ransomware, and if you’re reading this note, we’ve taken control of your systems. We can help you guys. We just need some money,” it read.
“We were scared to death to touch anything,” Dallas County Chief Appraiser Ken Nolan told the outlet.
The attack brought the office’s operations to a grinding halt for the following 72 days. Some 90 percent of the office data exists online with almost no paper copies.
The attack was likely triggered by an employee falling for a phishing email, Nolan deduced.
The hackers demanded almost $1 million, so Nolan went to the FBI, which has teams focused on catching hackers and helping victims recover their data, without paying the ransom, if possible. Nolan, with the board’s approval and the advice of cyber security company Cylance, hired a third-party vendor to negotiate with the cyber terrorists.
Nolan wanted to pay as little as possible and still have data returned for the 840,000 property records that DCAD handles
“We paid substantially less than what they were asking,” Nolan told the outlet, adding that it was a “miniscule” portion of the district’s $34 million budget.
DCAD paid the attackers $170,000 in bitcoin via the negotiators. The money came from a rarely used calamity reserve fund
Dallas isn’t the first Texas city targeted by Royal. The Travis County Appraisal District in Austin was also attacked in December for a second time, following 2019 attack.
DCAD is close to being back to normal, but still has to catch up on homestead exemptions and get the mobile version of the site back up and running.
— Victoria Pruitt