The City of Dallas was recently hit with a ransomware attack impacting operation of city duties and public safety. It is a very sad situation and our thoughts go out to all of those involved in the recovery. Bleeping Computer has some excellent reporting on this and we encourage everyone to check it out.

From Bleeping Computer:

BleepingComputer has learned that the Royal Ransomware operation is behind the attack on the City of Dallas.

According to numerous sources, network printers on the City of Dallas’ network began printing out ransom notes this morning, with the IT department warning employees to retain any printed notes.

A photo of the ransom note shared with BleepingComputer allowed us to confirm that the Royal ransomware operation conducted the attack.

BleepingComputer also shares that this attack was a callback phishing attack:

While Royal is known to breach networks using vulnerabilities in Internet-exposed devices, they commonly use callback phishing attacks to gain initial access to corporate networks.

These callback phishing attacks impersonate food delivery and software providers in emails pretending to be subscription renewals.

However, instead of containing links to phishing sites, the emails contain phone numbers that the victim can contact to cancel the alleged subscription. In reality, these phone numbers connect to a service hired by the Royal threat actors.

When a victim calls the number, the threat actors use social engineering to convince the victim to install remote access software, allowing the threat actors access to the corporate network.

A gunman opened fire days later in a Dallas suburb outlet mall, killing 8 and according to the Washington Post:

Investigators weren’t able to get information on the history of police calls to the home of a mass killing suspect due to a ransomware attack that knocked Dallas government computers down, law enforcement officials told Rebecca Lopez of news channel WFAA in a story this weekend.

Ransomware attacks can have ongoing devastating effects for the victims and they can also be scary. JustTech works with our clients to have the best security solutions in place to prevent these attacks the best we can and to be ready to quickly recover clients should a ransomware attack occur. With callback phishing attacks, clients should be vigilant and not allow 3rd parties to have remote access to devices connected to the internet without internal IT or a managed service provider present to ensure all is legit before granting access.

Solutions we use in combating ransomware, include:

  • DNS Protection – JustTech’s DNS Protection for workstations is a cloud security platform that provides the first line of defense against threats (including many ransomware type attacks) on the internet wherever users go.  The solution is provided through Cisco Umbrella.  This solution blocks malicious destinations before a connection is ever established. This is an additional layer of network security and content filtering.
  • Managed Detection and Response – JustTech’s Managed Detection and Response (MDR) solution allows us to detect an intrusion or attack and reduce the time between discovery and response to provide a faster resolution of the incident. By instantly closing off endpoints, the attack cannot spread and move into other systems.
  • Multi-Factor Authentication Solutions – JustTech’s Multi-Factor Authentication Solutions are designed to meet the need of increased security when logging into computers & laptops and increased convenience of using a single sign on to access many applications and websites.
  • Redundant Off-Site Backup – JustTech’s Redundant Off-Site Backup solution encrypts and backups your data to our data colocation facility which has redundant power and redundant internet.
  • Cloud Orchestration – JustTech provides our clients with Cloud Orchestration solutions and other Cloud Solutions. Cloud orchestration is the method of automating tasks needed to manage workloads on both the private and public clouds. Cloud orchestration technologies integrate automated tasks and processes into a workflow to perform specific functions. As more and more businesses look to completely transition programs and databases to the cloud, cloud orchestration is vital for a seamless transition. Also, With hybrid work becoming the new normal and cyber threats increasing, we are seeing a rapid increase in requests from clients to transition completely to the cloud. Clients who have transitioned completely to the cloud generally see faster recovery times following a major IT incident.

Contact us for more information.

About Just·Tech
Just·Tech, a 2020 & 2021 Inc. 5000 designee and a 2023 CRN MSP 500 honoree is a technology company and has been keeping more than 3,000 clients happy since 2006 in providing our Print Solutions, Network & IT Solutions and custom Xerox App Solutions.

Areas we support:

  • Washington DC Metropolitan area including parts of Virginia & Maryland and also Southern Maryland
  • Northern Virginia, Eastern Panhandle of West Virginia and the Shenandoah Valley in Virginia
  • North Eastern Virginia and the Northern Neck of Virginia including the cities of Fredericksburg & Stafford
  • West Central Virginia including the cities of Harrisonburg, Staunton & Charlottesville
  • South Western Virginia including the cities of Lynchburg and Roanoke
  • North Central West Virginia including the cities of Fairmont, Clarksburg & Elkins
  • WV/KY/OH tri-state region including the cities of Huntington, Charleston, Ashland and Portsmouth

Through our Print Solutions, we offer sales and support for Xerox multifunction copiers & printers. Just·Tech is a Strategic Xerox Partner and one of the top ten Xerox partners in the country.  We also provide supplies & service support for HP, Lexmark, Dell and Brother printers. Currently we are managing thousands of copiers & printers making millions of copies & prints every month.

With our Network Solutions, we provide Managed Network Services & IT Support to hundreds of small businesses, non-profits and religious organizations. We specialize in proactive support and provide onsite & remote assistance.

Just·Tech is the first Xerox certified Personalized Application Builder Authorized Developer in the United States. With our App Solutions, we create custom apps for Xerox multifunction copiers that increase efficiency and improve workflows. Just·Tech is the exclusive reseller in the U.S. of the most affordable and complete print management app solution, PrintAnyWay.  There are more than 100,000 apps that we have created installed on Xerox devices across the globe.

Contact us for more information.