Tyler Technologies informs customers that they need to change the passwords of the remote access accounts since suspicious connections have been made which have been reported to the company.
Last Sunday, we informed you that government technology service provider Tyler Technologies was attacked by ransomware.
This attack was carried out by RansomExx / Defray777, which encrypted the company's devices and interrupted operations.
Remote support accounts used on suspicious connections
Some customers create accounts that Tyler Technologies staff use to gain remote access to their network.
In an email sent last night by Tyler Technologies - and it reached the hands of Bleepingcomputer - CIO Matt Bieri warns customers that the "Tyler credentials" used for remote access reported to be used to make suspicious connections.
"We apologize for the inappropriate time, but we wanted to inform you about something serious as soon as possible. We recently learned that two customers using Tyler remote access credentials reported suspicious connections to their systems. Although no malware has been reported activity in customer systems and we were unable to investigate or identify them details about these connections, we wanted to let you know right away so you can protect your systems, ”he said. e-mail sent to Tyler Technology customers by CIO Matt Bieri.
It is not known if these suspicious activity reports are related to the recent ransomware attack, but to be safe, advise their customers to change all account passwords used by Tyler Technologies.
"Given this new information and if you have not already done so, we recommend that you reset the remote access passwords for Tyler staff and credentials that Tyler staff would use to access your applications wherever possible. We do not have enough information to find out if the suspicious activity reports are related to the ongoing investigation into unauthorized access to Tyler's internal systems, we believe that prudential resets need to be made passwords", Said the email.
Bieri asks all customers who find suspicious connections to report them immediately to Tyler Technologies.
Could intruders have access to customer networks?
When human ransomware attacks are carried out, intruders are usually online for days, if not weeks, before they develop ransomware and encrypt the devices.
To be secure, all customers must immediately change the passwords to the accounts used by Tyler Technologies staff to access their network.