Tyler Technologies, one of the largest US public sector technology providers, has suffered a ransomware attack that disrupted operations, and may have resulted in the theft of remote access credentials, among other data.
The ransomware in question, dubbed RansomExx, terminates more than 280 security processes on Windows devices, enabling hackers to gain access to a system and sift through files for sensitive or proprietary data, in the hopes of stealing, encrypting, and holding it for ransom.
While hackers may have been in the system for days or even weeks, as is often the case with ransomware attacks, Tyler Technologies only became aware of the problem late last week. An email was sent out to customers on the 23rd stating an "unauthorized intruder" had disrupted access to its internal systems.
Shortly after customers received news of the ransomware attack, Tyler was forced to send out another security email, this time advising clients of reports it had received concerning suspicious activity linked to Tyler remote-access credentials, which the company uses to provide technical support.
The email goes on to say that, although the company was unable to pinpoint any malicious activity, it recommended “precautionary password resets” to be safe.
“Given this new information … we strongly recommend that you reset passwords on your remote network access for Tyler staff, and the credentials that Tyler personnel would use to access your applications, where applicable,” wrote Tyler Technologies CIO Matt Bieri, who also urged clients to immediately report any suspicious activity.
While it’s unclear whether the ransomware attack and suspicious remote activity are related, it can’t be ruled out. The time hackers invest in infiltrating a system and the high incentive for finding sensitive data mean that few stones are left unturned, and this wouldn’t be the first time login credentials were stolen in an attack.
If the two are connected, then the same hackers who attacked Tyler may be able to gain access to clients’ systems as well. For this reason, all customers should update their passwords, and may want to use the opportunity to implement simple but effective security training.
Via BleepingComputer