A month after the city of Dallas experienced a ransomware attack that took down major city services, city officials have announced that they have made significant progress, but there is still a substantial amount of work left to be done.

The Royal ransomware attack on May 3 affected services such as 311 (for non-emergency services), public libraries, animal shelters, safety departments, and online payment systems, though the Dallas IT team has now restored 90% of the network, it said. 

The threat actor responsible for the attack, Royal ransomware, threatened to leak sensitive private data if a ransom wasn't paid by the city, though any threats made have yet to come to fruition. In the meantime, during this period of recovery, officials have boosted the software and functionality in many of the city's public departments.

"Our staff has worked tirelessly to restore and rebuild systems and return all systems to full functionality as quickly and securely as possible. At this time, we are more than 90 percent restored, with most public-facing services restored," the city of Dallas said in a statement. "We continue working diligently to restore full functionality as quickly as possible and will continue to keep the community informed with relevant updates throughout this process."

The city's update to residents also added that rebuilt and restored systems include the Dallas Water Utilities' payment and meter reading system as well as the Dallas Municipal Court. Dallas Public Library systems remain in the process of being restored and upgraded.

"We continue to work with our cybersecurity experts on additional steps to further enhance our security posture, including implementing additional cybersecurity software, deploying a system-wide reset across all user accounts, expediting the implementation of additional controls, and completely rebuilding impacted systems in a new, secure environment,” the update from the city of Dallas said. “We appreciate our community’s patience as we continue investigating and addressing this matter.”

The scope of the attack as well as what has yet to be restored has not been disclosed to the public.