Tyler Technologies ‘Strongly’ Recommends Customers Change Passwords After Ransomware Attack
Tyler Technologies says that only its internal network was ‘targeted’ in the attack but adds that there have been ‘several suspicious logins’ to customers’ systems so it is recommending they update their passwords.
Three days after an as-yet-unnamed ransomware syndicate targeted Tyler Technologies, and after repeatedly saying only the company’s internal network was targeted, Tyler Technologies is urging customers to change their passwords.
“Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented,” the company wrote in a guidance to customers. “If clients haven‘t already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable.”
The latest guidance to customers around its ransomware attack—which still has the company’s website offline—came Saturday at 12:30 a.m.
Brett Callows, a security analyst at New Zealand-based vendor Emsisoft, said he was a little surprised the message to change passwords was not sent out immediately.
“The concern in incidents involving solution providers and MSPs is always that the threat actor may have been able to compromise clients’ networks,” he said in an email. “And this is especially true in the case of providers to public sector bodies at this particular point in time as threat actors may well see the upcoming election as a golden opportunity. What better time to extort money from a government by holding its systems hostage than when it needs those systems the most?”
CRN reached out to Tyler Technologies for comment but had not heard back at press time.
Tyler Technologies—which serves thousands of municipal, county and state governments—also sought to ease fears around its election aggregating software Socrata, which it said is housed on an Amazon Web Services server and has no exposure to the ransomware-hacked networks.
“Users of our Socrata open data solution may use the platform to post election results, to promote transparency around campaign finance, or to post information on polling dates and locations,” Tyler Technologies said. “Very few Tyler clients enlist the application for this use. … We have never had a report that a bad actor has used our Socrata platform to display incorrect or misleading election results, polling locations, campaign finance information, or other civic data.”
Tyler Technologies finally admitted to being hit with ransomware on Thursday, a day after cybersecurity blogger Brian Krebs wrote a story saying its network appeared to have been ransomed, and gathering comments from unnamed Tyler Technologies customers saying they were having trouble logging into some systems.
Tyler Technologies has continued to state that the software solutions are housed on a separate network and were not impacted.
“This incident was directed at Tyler‘s internal corporate environment and not the separate environment where we host client systems,” the company wrote. “We have disconnected points of access between Tyler’s internal systems and our client systems to further protect our clients. We have also enabled targeted monitoring of our corporate and hosted environments to supplement the monitoring we already had in place.”
Tyler Technologies serves 15,000 customers around the world but focuses primarily on state and local government customers. The company offers dozens of solutions for courts, police, EMS, fire departments, probation, as well as resources to pay parking tickets and water bills.
The company bought Socrata, an advanced AI platform in 2018, which extracts information from municipal systems to give decision-makers actionable datasets used in urban planning. A part of that includes data from elections departments, raising the concern that ransomware actors could be attempting to tamper with elections.