DALLAS (NewsNation) — The city of Dallas is restoring its computer systems after a group called “Royal” illegally attacked the city’s IT department on May 3, officials said.

Officials immediately shut down the city’s systems to stop the virus from spreading, and they have since been carefully scanning devices to make sure they can go back online without getting reinfected. They started with the city’s 911 dispatch system.

As of Tuesday afternoon, the City of Dallas says 911 calls are being entered into the computer assisted dispatch system. Dallas Police began automatically dispatching on Monday, and Dallas Fire Rescue is automatically directing calls to dispatch where it is available.

The city says it has maintained essential services for its residents since the attack.

The outage brought down its police department and city hall websites but didn’t appear to affect 911 calls. However, it caused problems with computer-assisted dispatch systems, impacting response times and delayed court systems.

Jim McDade, president of the Dallas Fire Fighters Association, told NewsNation that they’re communicating by radio instead of GPS. He says it’s confusing, taking longer to respond to calls and it could still be several days before it’s back to normal.

“You’re talking about the eighth largest fire department in the country that’s doing everything by hand right now so it’s a huge step backward,” McDade said.

During a city council’s public safety meeting on Monday, the city’s chief information officer Bill Zielinski gave an update, and council members shared how they want more investment in technology systems so they can be better prepared for future cyber attacks.  

It’s a sentiment experts echo; they said cities should practice a response plan.

“I would love to see these drills happen. We do this as a cyber security company because it’s always a question of what happens if everything shuts down. How do we respond? These are disaster simulations and that’s what we need to have in these municipalities,” said Rick Jordan, CEO of Reachout Technology.

The city said it doesn’t have any evidence that customer information has been leaked, but experts said that’s exactly what hackers are after and these attacks happen almost every day in cities across the U.S.

Ransomware involves hackers essentially holding a target computer or computer system hostage by encrypting its files and demanding payment, often via bitcoin. Ransomware can target individuals, businesses and governments alike.

Jordan says this incident was likely phishing, meaning someone clicked on a bad link, likely a long time ago. He adds hackers often watch, gather information, and wait for the right time to demand ransom.

The city said this is a criminal investigation and didn’t indicate whether any financial demands had actually been made or provide other details of the incident.