Recovery is a long and painful process.
In the immediate aftermath, the attack forced the city to take offline the police and fire department’s computer-aided dispatch system, the police department’s website and the city’s website. The city also closed its municipal court’s system. The city’s development services, public works, permitting and zoning couldn’t take applications or payments, nor could permits be issued.
“Unfortunately, mistakes have been made,” said Jim McDade, president of the Dallas Fire Fighters Association. “Some people have had difficulty getting in through 911, getting their calls answered in a timely manner, and then getting the proper equipment dispatched to them to take care of their emergencies. It’s impossible to know exactly how many mistakes were made.”
As of now, the computer-aided dispatch system is partially back online. The websites have been restored. Development services can accept payments, issue permits and receive plans electronically.
The municipal courts still cannot take payments in person, online or by phone, according to the court’s website. It also says there are “no court hearings, trials or jury duty until further notice.”
The situation’s far from normal for the police and fire departments.
Officers continue to handwrite reports. They still can’t use their in-car computers to check license plates or check for warrants, and instead they have to rely on dispatchers to do it for them.
“If you’re running a tag on a car, there may be a five or 10-minute delay,” said Sgt. Sheldon Smith, chapter president of National Black Police Association.
“If you run a person, you get that same type delay. Nothing is coming fast. Nothing,” he said.
[…]
Technicians are painstakingly checking every computer. As of Wednesday afternoon, for example, about 30 fire department devices had been found to be infected with the virus, so now they’re having to be wiped and reimaged.
See here for the previous update. There’s a lot of work still being done via analog means; Sergeant Smith is quoted elsewhere saying they’re “working like it’s 1965”. As I said before, my inference from this is that they are not going to pay a ransom but are instead trying to rebuild and restore from backup. This has clearly hit a few snags, not unexpected for a network that likely has a broad range of devices and systems, but it is progressing.
The most important thing at this point is to really understand the lessons of this attack, both in terms of how it happened and what needs to be done to prevent future occurrences, and how the recovery process can be improved for the future. As we well know in Houston, catastrophic outages can be caused by things other than hacker attacks. I hope local governments around the state are paying attention to this and taking their own lessons from it. This threat isn’t going away, we all need to be ready for its next appearance.
Pingback: Dallas data leak threatened by ransomware attackers – Off the Kuff