Government Software Supplier Hit By Ransomware
Tyler Technologies Urges Agencies to Reset Passwords After 'Suspicious Logins'
Following a ransomware attack last week that affected its corporate network and phone systems, Tyler Technologies, a supplier of software and services to local, state and federal government agencies throughout the U.S., is urging its customers to reset their passwords.
In updates posted Saturday and Sunday, Tyler asked customers to reset their passwords as a precaution while the company and the FBI continue to investigate the ransomware incident.
"Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented," Tyler stated. "If clients haven't already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable."
Plano, Texas-based Tyler noted that its internal corporate systems are separate from the software and platforms it supplies to its customers. For instance, the firm notes that its Socrata software-as-a-service platform, which provides dashboards that display aggregated data from other sources, is hosted on Amazon Web Services.
Other Tyler software platforms used by the company's clients are "maintained in entirely separate environments" and are segmented from the company's internal network, according to the update.
Tyler first reported the ransomware incident on Wednesday, and portions of the company's website have been offline since last week. In its notice, Tyler noted that the company is not releasing any details about the incident while the investigation continues.
In a series of updates, Tyler noted that the company first detected a cyber incident within its internal network on Wednesday and that, "out of an abundance of caution," it shut down access to external systems.
The company noted that the malware used in the attack was a ransomware variant, but it released no other details.
"We engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment," the company said. "We have implemented targeted monitoring to supplement the monitoring systems we already had in place, and we have notified law enforcement."
Over the weekend, after the company began noticing suspicious logins and customers also reported unusual activity, Tyler updated its statement to urge its users to reset passwords.
Brett Callow, a threat analyst at security firm Emsisoft, says it's surprising that Tyler didn't notify its clients sooner to reset their passwords.
"The incident is obviously concerning and, especially with the election looming, this is not the time that you want governments to be exposed to additional risk," Callow tells Information Security Media Group.
Tyler sells and maintains software platforms, including criminal justice, tax and enterprise resource management products, used by federal, state and local government agencies. The company does not make software used in voting machines.
Tyler's Socrata product, however, can be used to display election results. But it is not designed to tally votes, as some news reports have suggested, according to the company. "Users of our Socrata open data solution may use the platform to post election results, to promote transparency around campaign finance or to post information on polling dates and locations," the company said. "Very few Tyler clients enlist the application for this use."
While it's not clear if any information was stolen from Tyler, security researchers have noted an uptick in ransomware attacks that not only crypto-lock files but also exfiltrate data (see: More Ransomware Gangs Threaten Victims With Data Leaking).
In August, incident response firm Coveware released a report that found, of the thousands of ransomware cases the firm investigated in the second quarter of this year, 30% involved attackers threatening to release stolen data.
Since August, security researchers have also noted an uptick in ransomware attacks affecting school districts, universities and other academic organizations in the U.S. and in Europe as well (see: Analysis: Online Attacks Hit Education Sector Worldwide).