Tyler Technologies, a major source of U.S. government software, has come under attack by ransomware. In a tweet dated Sept. 23, the company stated that they were aware of what they deemed a “network issue.” Following this, according to reports at Bleeping Computer, Tyler Technologies’ CIO Matt Bieri sent out a mass email alert to clients. The email spoke in detail about what was now deemed to be a major security incident. An excerpt of this email can be read below:
Early this morning, we became aware that an unauthorized intruder had disrupted access to some of our internal systems. Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem. We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement.
Other details of the investigation were not made public, such as the identities of the attackers or how they gained access. Despite this, Bleeping Computer was able to obtain information from those close to the case. According to anonymous sources, the RansomExx ransomware was to blame for the attack and subsequent shutdown of critical functions at Tyler Technologies. According to Reuters, Plano, Texas-based Tyler is a “major provider of emergency management and other programs” and its software and products are used by states and counties to share election data.
RansomExx is a ransomware that is a rebranded version of the Defray777 ransomware. The ransomware utilizes AES-256 and RSA-2048 algorithms to encrypt files. Additionally, the infection is usually caused by malicious .doc files, usually spread through email. RansomExx does not steal unencrypted documents, at least to the best of researchers’ knowledge, before infection.
Since this is an ongoing incident, and much of the information in an investigation will change as it progresses, any significant updates will be reported on.
Featured image: Shutterstock