Imagine waking up to find that every digital service in your city has vanished. The systems that manage emergency calls are dark, the courts are closed, and even the simplest tasks like paying a utility bill have become impossible. This is not the plot of a disaster movie but the reality faced by several major cities over the last few years. When the City of Dallas was hit by a coordinated ransomware attack, the impact was so severe that emergency responders were forced to return to the era of pen and paper, manually tracking 911 calls while the digital infrastructure lay in ruins. 

These attacks serve as a chilling wake up call for any organisation that manages public data. Cyber criminal groups specifically target city services and educational institutions because they know the pressure to restore operations is immense. By locking down critical files and threatening to release sensitive citizen data, these groups create a high stakes environment where every hour of downtime costs thousands of pounds and puts public safety at risk. 

The shutdown of a city service is rarely a sudden accident. It is usually the result of a meticulously planned operation where hackers exploit a single weak link to gain a foothold. Once inside, they move silently through the network, identifying the most critical servers before striking with a total encryption event. Understanding how these attacks unfold is the first step in ensuring your own institution does not become the next headline. 

The Mechanics of the Attack 

In the case of Dallas, the Royal ransomware group gained entry using a basic service account. This single set of compromised credentials allowed the attackers to move silently through the network for nearly a month before anyone noticed their presence. 

During this period of dwell time, the hackers performed extensive reconnaissance. They identified the most critical servers, harvested further credentials, and stole over one terabyte of sensitive data. By the time they triggered the encryption process, they had already mapped out the entire digital landscape of the city. This highlights a terrifying truth of modern cyber crime: the actual lockout is just the final step of an invasion that has been happening for weeks. Using legitimate remote management tools, the attackers made their movements look like normal administrative activity, bypassing many traditional security alerts. 
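One way to surface this pattern during the dwell time is to compare each service account's logons against its own history, flagging hosts it has never touched and interactive sessions it should never open. The following is an added example, not code from the original article or from the Dallas investigation; the events, host names, cutoff date and the `svc-` naming convention are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (illustrative only):
# (timestamp, account, source_host, dest_host, windows_logon_type)
EVENTS = [
    ("2024-03-01T02:00:00", "svc-backup", "bkp01", "fs01", 3),
    ("2024-03-02T02:00:00", "svc-backup", "bkp01", "fs01", 3),
    ("2024-03-03T02:00:00", "svc-backup", "bkp01", "db01", 3),
    ("2024-04-08T23:14:00", "svc-backup", "ws117", "fs01", 3),
    ("2024-04-09T01:30:00", "svc-backup", "ws117", "dc01", 10),
    ("2024-04-09T01:52:00", "svc-backup", "dc01", "cad01", 10),
    ("2024-04-10T02:00:00", "svc-backup", "bkp01", "fs01", 3),
]
CUTOFF = datetime(2024, 4, 1)   # events before this form the baseline
INTERACTIVE_TYPES = {2, 10}     # 2 = interactive, 10 = remote interactive (RDP)

def is_service_account(account):
    # Assumption: service accounts follow a "svc-" naming convention.
    return account.startswith("svc-")

def build_baseline(events, cutoff):
    """Map each account to the (source, destination) pairs seen before cutoff."""
    baseline = defaultdict(set)
    for ts, account, src, dst, _ in events:
        if datetime.fromisoformat(ts) < cutoff:
            baseline[account].add((src, dst))
    return baseline

def detect(events, cutoff=CUTOFF):
    """Return alerts for service-account logons that deviate from the baseline."""
    baseline = build_baseline(events, cutoff)
    alerts = []
    for ts, account, src, dst, logon_type in events:
        if datetime.fromisoformat(ts) < cutoff or not is_service_account(account):
            continue
        reasons = []
        if (src, dst) not in baseline[account]:
            reasons.append("new source/destination pair")
        if logon_type in INTERACTIVE_TYPES:
            reasons.append("interactive logon by service account")
        if reasons:
            alerts.append((ts, account, src, dst, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The routine nightly job from `bkp01` stays quiet, while the same credentials used from a workstation and then over RDP toward a domain controller raise alerts, even though each individual logon is a valid authentication.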

The Massive Cost of Recovery 

The financial burden of a ransomware attack extends far beyond any potential ransom demand. In fact, many public bodies now refuse to pay ransoms entirely, but the cost of rebuilding remains astronomical. For the City of Dallas, the recovery budget quickly climbed to over eight million dollars. This money was spent on hardware replacement, forensic experts, and legal consultants to manage the fallout of the data breach. 

The human cost is even harder to quantify. In Oakland, the Play ransomware group leaked ten gigabytes of confidential data on the dark web after the city refused to pay. This included the social security numbers, home addresses, and even medical records of thousands of current and former employees. This led to: 

  • Legal Settlements: Thousands of city workers and police officers filed claims against the city for failing to protect their private information. 
  • Service Backlogs: It took months for departments to clear the backlog of work created during the weeks that systems were offline. 
  • Reputational Loss: Public trust in digital municipal services was severely shaken, leading to long term scrutiny of the IT budget and leadership. 

Case Study 1 - The Dallas Incident: A Return to Pen and Paper 

On the morning of May 3, 2023, the City of Dallas became the target of one of the most disruptive cyber attacks in recent history. The Royal ransomware group, an aggressive offshoot of the notorious Conti gang, successfully encrypted critical servers across the municipal network. While many ransomware attacks happen behind the scenes, this incident immediately spilled over into the physical world, bringing the ninth largest city in the United States to a functional standstill. 

The most dramatic impact was felt within the Dallas Police Department and Fire Rescue services. The Computer Aided Dispatch system, known as CAD, which allows 911 operators to track emergencies and send officers to specific locations, was completely disabled. This left first responders in a high stakes information vacuum. 

Life Without the Digital Shield 

With the CAD system offline, the city was forced to revert to methods not seen on such a large scale in decades: 

  • Manual Dispatching: 911 call takers had to write down every emergency request by hand on paper slips. These notes were then physically passed to dispatchers who relayed the information over the radio. 
  • Radio Overload: Because the digital data links to patrol cars were broken, every single piece of information had to be spoken aloud over the radio frequencies. This led to congested channels and a dangerous delay in communicating vital details. 
  • Personal Device Workarounds: Officers were often forced to use their personal mobile phones to coordinate with their teams and look up locations, as the official MDT terminals in their vehicles were nothing more than dark screens. 
  • Investigative Paralysis: Detectives found themselves unable to access crucial case files or even look up prior call histories at specific addresses. In some instances, this meant officers were responding to locations without knowing if there was a history of violence or dangerous activity at that site. 

Beyond the police department, the city courts were forced to close, jury trials were cancelled, and the public library system went dark. Even the city printers were hijacked, spewing out ransom notes that demanded contact through a dark web portal. 

The True Cost of Silence 

The recovery from the Dallas attack was a long and painful process. It took over a month to restore ninety percent of the affected systems, and the total budget for remediation was eventually set at over eight million dollars. This incident proves that ransomware is not just a digital nuisance; it is a direct threat to public safety. When the systems we rely on for protection are taken away, the human cost of manual workarounds and delayed responses becomes a heavy burden for any city to bear. 

Case Study 2 - The Oakland Incident: A Crisis of Data and Trust 

In February 2023, the City of Oakland became the victim of a sophisticated double extortion attack by the Play ransomware group. While Dallas struggled with the physical logistics of emergency response, Oakland faced a different kind of nightmare: the systematic theft and release of hundreds of gigabytes of sensitive data. 

The attack began when employees inadvertently interacted with phishing emails, giving the attackers a gateway into the municipal network. Once inside, the Play group did not just lock the doors; they emptied the filing cabinets. When the city refused to pay the ransom demand, the hackers followed through on their threats with a massive and malicious data dump. 

The Impact of a Massive Data Breach 

The fallout from the Oakland attack was far reaching and personal, affecting over thirteen thousand current and former employees. The consequences included: 

  • The Exposure of Sensitive Records: The hackers released over six hundred gigabytes of data on the dark web. This included social security numbers, home addresses, and even confidential medical information. 
  • Threats to Police Safety: Because the breach included the personal details of police officers, many felt their safety and the safety of their families were at risk in a city already facing high crime rates. 
  • Legal and Financial Turmoil: The city was hit with multiple class action lawsuits alleging negligence in protecting employee data. By May 2025, the city had agreed to a massive settlement to compensate victims for identity theft and lost time. 
  • Investigative Delays: The loss of digital systems even impacted the ability of the police department to investigate misconduct claims, leading to extended federal oversight of the force. 

A Lesson in Double Extortion 

The Oakland case highlights why simply having backups is no longer enough. Even though the city was able to eventually restore many of its systems, they could not unrelease the data that had been stolen. This incident forced the city to allocate over ten million dollars to modernize its cybersecurity infrastructure and implement rigorous staff training. It serves as a stark reminder that the true cost of a ransomware attack is often measured in the years of legal battles and the permanent loss of privacy for those involved. 

Lessons for the Future: Building a Resilient Shield 

The stories of Dallas and Oakland are not just cautionary tales; they provide a clear roadmap for what other public bodies and universities must do to survive in the 2026 threat landscape. The primary takeaway is that traditional perimeter security is no longer enough. 

  • Implement Zero Trust Architecture: Move away from the idea of a trusted internal network. Every user and device must be continuously verified, regardless of their location. 
  • Prioritise Offline Backups: Ransomware often targets online backup servers first. Maintaining immutable, air gapped backups ensures that even if the network is encrypted, the data remains safe and recoverable. 
  • Continuous Staff Training: Since phishing remains the most common entry point, regular and engaging security awareness training is the most effective way to turn employees into a human firewall. 
  • Rapid Patch Management: Attackers exploit known vulnerabilities in older software. A strict schedule for system updates and health checks can close the door on groups like Royal and Play before they even start. 

Key Takeaways: It is a Matter of When, Not If 

Ransomware has evolved into a highly profitable business model that thrives on the disruption of essential services. As we have seen in Dallas and Oakland, the cost of an attack is measured in millions of pounds, lost productivity, and a permanent scar on the reputation of the institution. However, these disasters are not inevitable. By learning from these real world examples and taking proactive steps to harden digital defences, organisations can ensure that they are prepared for the challenges of the modern era. 

Overt Software Solutions is dedicated to helping public sector bodies and educational institutions build the resilience they need. From comprehensive IdP health checks to implementing robust multi factor authentication, our team provides the expertise and tools to protect your critical services from being the next headline.  

Do not wait for a crisis to evaluate your security. Contact Overt Software Solutions today to learn how we can help you build a more secure future. 

