Skip to main content

Tyler Technologies tells users to change passwords after ransomware attack

(Image credit: Shutterstock / Askobol)

Tyler Technologies, one of the largest US public sector technology providers, has suffered a ransomware attack that disrupted operations, and may have resulted in the theft of remote access credentials, among other data.

The ransomware in question, dubbed RansomExx, terminates more than 280 security process on Windows devices, enabling hackers to gain access to a system and sift through files for sensitive or proprietary data, in the hopes of stealing, encrypting, and holding it for ransom.

While hackers may have been in the system for days or even weeks, as is often the case with ransomware attacks, Tyler Technologies only became aware of the problem late last week. An email was sent out to customers on the 23rd stating an "unauthorized intruder" had disrupted access to its internal systems.

Change passwords

Shortly after customers received news of the ransomware attack, Tyler was forced to send out another security email, this time advising clients of reports it had received concerning suspicious activity linked to Tyler remote-access credentials, which the company uses to provide technical support.

The email goes on to say that, although it was unable to pinpoint any malicious activity, the company recommended “precautionary password resets," to be safe.

“Given this new information … we strongly recommend that you reset passwords on your remote network access for Tyler staff, and the credentials that Tyler personnel would use to access your applications, where applicable,” wrote Tyler Technology CIO Matt Bieri, and urged clients to immediately report any suspicious activity.

While it’s unclear whether the ransomware attack and suspicious remote activity are related, it can’t be ruled out. The long investment in time put in by hackers when infiltrating a system and the high incentive for finding sensitive data means that few stones are left unturned, and this wouldn’t be the first time login credentials were stolen in an attack.

If the two are connected, then the same hackers who attacked Tyler may be able to gain access to clients’ systems as well. For this reason, all customers should update their passwords, and may want to use the opportunity to implement simple but effective security training.

Via BleepingComputer