
Dallas Reels from Royal Ransomware Raid – Source: securityboulevard.com


Source: securityboulevard.com – Author: Richi Jennings

Police, 911, courts and other city services staggering to recover.

The city of Dallas is still partially paralyzed from Monday’s ransomware attack. The city’s IT services are badly affected—including the police, 911 dispatch and the courts. The Royal ransomware group says it’s the perp.

Printers all over city offices are spewing out ransom demands. In today’s SB Blogwatch, we shot J.R. (ask your parents).

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Fett For A King.

Royal, née Zeon, born of Conti

What’s the craic? J.D. Miles reports—“Ransomware attack hampering Dallas police”:

Probably began with a phishing email

The City of Dallas confirmed that a ransomware attack compromised a number of servers in its system, including the [police] department’s computer assisted dispatch system, called CAD, which directs police to emergencies and other calls. The issue forced 911 call takers to manually write down instructions for the responding officers.



The hackers, a group called Royal, claim that they encrypted the city’s critical data, and threatened to post sensitive information online. … Cyber experts believe the attack probably began with a phishing email that an unsuspecting employee opened.

Not only the po-po. Lawrence Abrams adds—“City of Dallas hit by Royal ransomware attack”:

Remote access software

The City’s court system canceled all jury trials and jury duty … as their IT systems are not operational. … According to numerous sources, network printers on the City of Dallas’ network began printing out ransom notes … with the IT department warning employees to retain any printed notes.



The Royal ransomware operation is believed to be an offshoot of the Conti cybercrime syndicate, rising to prominence after Conti shut down its operations. … Towards the end of 2022, [Zeon] rebranded into Royal and quickly became one of the most active enterprise-targeting ransomware gangs.



They commonly use callback phishing attacks to gain initial access to corporate networks. … The emails contain phone numbers that the victim can contact [then] the threat actors use social engineering to convince the victim to install remote access software, allowing the threat actors access to the corporate network.

You gotta be kidding me? Turn to Carly Page—“Ransomware attack”:

Remains unknown

Royal … was recently the subject of a joint advisory released by CISA and the FBI [that] said that after gaining access to victims’ networks, typically via callback phishing—whereby hackers send emails claiming that the victim has or will be charged for a service and asks them to call a listed phone number for clarification—Royal hackers “disable antivirus software and exfiltrate large amounts of data” before deploying the ransomware and encrypting systems.



The full impact of the attack remains unknown. In a statement, the city said it was “actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. The City is currently working to assess the complete impact.”

Time to implement your disaster-recovery plan. In the middle, it’s mr_mitm:

But before you restore backups (if you have any that weren’t encrypted) you may want to determine the exact time at which you were compromised, or else you’ll be restoring potentially tainted backups. Depending on how well you’re organized that alone will take weeks, especially considering that your logs may be encrypted as well. Sometimes you don’t even know how to contact everyone, because your comms are down, too.

Do they still have the death penalty in Texas? TrumpShaker ponders thuswise:

Ok, so, if the hackers are ever apprehended, what charges might be filed for, say, a death that occurs that might have been prevented if law enforcement were able to be dispatched to the location?

What else do we know about Royal? u/Mercy_Rule_34 alleges an allegation:

Same group hit a ton of north Texas medical practices last November, including most of the hospitals systems you know by name. All of it was kept under wraps because of the HIPAA accountability, meaning that as long as they paid the ransom, the PHI (personal health information) was never released and, thus, did not have to be reported to Medicare/other federal programs, which would potentially incur a massive, massive fine. Cheaper to pay the ransom.



Also notable: In early 2022 there were dozens of insurance companies providing coverage for cybersecurity for medical practices. Now there is one. Not a sustainable business model, obviously.

Why are scrotes such as Royal so successful? mr_00ff00 asks “the big question”:

The big question gets raised again, how do we get the non-tech savvy to be safe from cyber threats? Banks and tech companies have high security because they know what they are dealing with, pipelines/schools/hospitals/emergency services continue to be easy targets and things we need to pay money quickly for to get back.



It’s way easier to find a school or government agency that keeps passwords in plain text in code comments or emails than it would be at Meta. … You can hold medical records and pipelines hostage and get just as much money as holding Google info hostage.

It’s so hard to combat phishing. But dmay34 thinks they have the solution:

I understand that phishing emails are things that are stupid effective, but I’ll never see one of these ransomware attack headlines without first thinking “Stop looking at porn on work computers!”

Meanwhile, u/Tired_Sysop is tired:

Not surprising. The city of Dallas websites I use to pay my water bill and property taxes look like they were built with MS Frontpage 95. They are so bad I’m surprised they don’t require you to install a Java 7 client to interact with their website.

And Finally:

Douglby’s back on form



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: JobsForFelonsHub.com (cc:by; leveled and cropped)


Original Post URL: https://securityboulevard.com/2023/05/dallas-royal-ransomware-richixbw/

Category & Tags: Analytics & Intelligence, Application Security, Cloud Security, Cyberlaw, Cybersecurity, Data Security, DevOps, Editorial Calendar, Endpoint, Featured, Governance, Risk & Compliance, Humor, Identity & Access, Identity and Access Management, Incident Response, Malware, Mobile Security, Most Read This Week, Network Security, News, Popular Post, Ransomware, Security Awareness, Security Boulevard (Original), Security Operations, Social Engineering, Spotlight, Threat Intelligence, Threats & Breaches, Vulnerabilities, Zero-Trust, Conti, Dallas, Dallas Police, Royal Ransomware, SB Blogwatch, Zeon Ransomware
