Tyler Technologies confirms cyberattack was ransomware
Local-government IT services provider Tyler Technologies confirmed Thursday that a cyberattack it reported experiencing Wednesday was the result of a ransomware infection.
In an updated statement posted on its website — which otherwise remains offline — Tyler said that the attack, which disabled its phone systems and other internal IT capabilities, was detected early Wednesday morning, after which the company proceeded to shut down access points to its internal systems.
Tyler did not name the type of ransomware found on its systems, citing ongoing investigations by law enforcement and third-party forensics teams, although Bleeping Computer reported that the incident involved the RansomExx malware, which has previously been seen in attacks on the Texas Department of Transportation and several other corporate victims.
The Tyler statement also read that there is no current evidence that the ransomware attack spread beyond the company’s networks to any of its thousands of local government clients.
“Based on the evidence available to-date, all indications are that the impact of this incident is limited to our internal corporate network and phone systems, and that there has been no impact on software we host for our clients,” the statement read. “Our hosted environment is separate and segregated from our internal corporate environment.”
Tyler is still making available its customer support portal, which appears to be hosted in a Microsoft environment. The company also said it plans to issue additional updates as the recovery from the attack continues.
The company also addressed some early reports that described its products as being used in elections. While some customers of Tyler’s open-data tools use its software to aggregate campaign finance reports and historical election data, Tyler is not a vendor of products used in the actual administration of the voting process.
“None of our products is a system of record for voting or any other election- or voting-related activities,” the company said, adding that its open-data software is hosted on an Amazon Web Services cloud, not any internal server.