Tyler Technologies, the US government's top technology service provider, was attacked by ransomware, which resulted in its suspension. Tyler Technologies is one of the largest development companies software and U.S. technology services. The company that provides techniques services for local governments in many US states, it employs 5.500 people, and its revenue for 2020 is projected to reach about $ 1,2 billion.
The official site of the company started displaying a maintenance message while its account at Twitter wrote that the company's systems were experiencing some technical problems.
In addition, Matt Bieri, CIO of Tyler Technologies, sent e-mail to the company’s customers, informing them that the company is currently conducting an investigation into a cyber attack which affected its telephone and IT systems, also pointing out that it has already notified the authorities of the incident, while at the same time collaborating with independent IT specialists.
Bieri also states in the relevant email that yesterday morning the company discovered that an unauthorized intruder interrupted the access in some of its interiors systems. Thus, the company closed the access points to external systems and immediately began work to investigate and correct the problem. In addition, security experts assist the company in investigating the incident and in the safe restoration of the affected equipment. The company also implements improved monitoring systems. Bieri also said that current investigations show that the attack was limited to the local network of Tyler Techonologies.
In posts at forum of the California Municipal Information System (MISAC) received by BleepingComputer, users have heard that Tyler Technologies was attacked by ransomware that affected the phone ticketing system and technical support systems. However, according to reports, the ransomware attack does not seem to affect the company's customers.
Security investigators say the US government's technology service provider has been attacked by RansomExx ransomware. RansomExx is a variant of the Defray777 ransomware and has been active since June, when operators attacked the Texas Department of Transportation (TxDOT), Konica Minolta and most recently IPG Photonics.
BleepingComputer has detected an encrypted one file which was uploaded to VirusTotal yesterday regarding that attack. This encrypted file has an extension «.Tylertech911-f1e1a2ac» and includes the name of Tyler Technologies, while it is the same format used in others attacks of RansomExx. The RansomExx gang has no leak site data, but this does not mean that it does not steal unencrypted files before developing its ransomware.