Dallas ransomware attack facilitated by stolen account

Officials at the City of Dallas have revealed that all of its IT systems have been disrupted by the Royal ransomware operation in May through a stolen domain service account, BleepingComputer reports. After leveraging the stolen account to infiltrate the network of Dallas in early April, Royal ransomware sought to maintain access until early May, when it was able to exfiltrate 1.169 TB of files, according to a report by city officials. Ransomware payloads were then distributed by Royal ransomware, which encrypted servers through legitimate Microsoft administrative tools but immediate implementation of mitigation efforts allowed the city to restore all affected servers in just over five weeks. In a report to the Texas Office of the Attorney General, Dallas noted that 30,253 individuals had their data compromised as a result of the ransomware attack, 26,212 of whom were Texas residents. "The OAG's website indicated that personal information such as names, addresses, social security information, health information, health insurance information, and other such information was exposed by Royal," said city officials.