After suffering a ransomware attack on Nov. 8, the Dallas Central Appraisal District (DCAD) was forced to pay $170,000 worth of Bitcoin.
The agency normally determines the value of the county’s real estate and personal property and determines the taxes that are needed to be paid. However, it experienced a two-month outage that caused a lot of frustration for real estate agents and homeowners alike.
The ransom was initiated by the Royal Ransomware group. Its original demands were for approximately $1 million USD paid out in bitcoin; however, after seeking help from the FBI and third-party experts, they were able to negotiate the final $170,000 price.
The Royal Ransomware group that perpetuated the attack emerged in 2022 and has been involved in numerous ransomware attacks, including attacks on telecommunications and healthcare services, and it rejects traditional ransomware-as-a-service business models. They’ve escaped detection so far by only partially encrypting their files in ways that evade most antivirus protections.
While the DCAD paid the ransom, recovered a lot of its digital infrastructure, and relaunched the website, it still has warned customers about disruptions in its email services.
“The Dallas CAD Emails have been down since November 8, 2022. If you sent an email to us after that date, please know that your email was not received and is not retrievable,” the DCAD said in a release.
It also told users that if they experience any problems, to reach out via phone instead of email. While the website has been republished, the DCAD is still rebuilding most of its major features.
“We continue working on our internal Mass Appraisal Records System (MARS), which is the software system for processing the majority of DCAD functions (appraised values, exemptions, ownerships, etc.). We anticipate that it will be operational in early February,” the DCAD said.
While people may argue about the morality of giving into ransom demands, the DCAD had over 90% of its data stored online and after working directly with the FBI believed it had no alternatives.
Investigations into the Royal Ransomware group continue internationally, however, the identities of the hackers are still unknown.
“We have updated our cyber security systems to minimize the likelihood of a cyber-attack in the future,” the DCAD said. “At this time our main agenda, focus, and resources are dedicated to the return all of our systems to full operation as soon as possible.”