Royal ransomware group threatens to release sensitive information from City of Dallas
DALLAS (CBSNewsTexas.com) – More than two weeks after a crippling cyber attack on the City of Dallas, those responsible are now threatening to release personal information on thousands of employees.
Those employees include police officers who worry that, if it happens, it could make them targets for retaliation.
It's the first message from those behind the City of Dallas cyber attack since the initial ransom note received on May 3.
Royal posted a warning to the city that says stolen data will be released soon.
It describes that data as "...tons of personal information of employees (phones, addresses, credit cards, SSNs, passports), detailed court cases, prisoners, medical information, clients' information and thousands and thousands of governmental documents."
City leaders have insisted that no known personal data has been stolen.
But if it has and ever gets released, that's a major concern to veteran Dallas police officers like Terrance Hopkins.
"We put people in the penitentiary you could see where some of that or somebody comes back with a vendetta or wants revenge or something like that from just simply doing your job," Hopkins said.
Hopkins, who leads the Black Police Association, says the threat of retaliation by a leak of personal information is real.
"If you get the individual who is somewhat disturbed or in a particular mental state, that individual could come and try to harm you or your family," he said.
Hopkins says much of his police work is still hampered by the malware that the city's IT employees are slowly removing.
"A lot of that information is information regarding investigations, detectives notes, histories of individuals, files that help me do my job as a planner," Hopkins said.
Cyber security experts say the city's decision not to meet ransom demands could change depending on the amount of damage and if sensitive personal material has been stolen.
"So it looks like, yes the city has not paid yet, but that doesn't mean that they are not going to pay," said Dr. Bhavani Thuraisingham, a University of Texas at Dallas cyber security strategist. "If not, then there is a worry there is a worry, because if my sensitive data is out there in the hands of the hackers and they were to release it then I would be very worried."
Again, the city says there's no evidence so far that any information involving residents or employees has been stolen.
And as of Friday night, no city information has appeared on the Royal website.