Tyler Technologies paid the hackers ransom for a decryption key to recover the encrypted files in a recent ransomware attack.
Tyler Technologies says it is the largest public sector software company in North America, with revenues of more than $ 1,2 billion by 2020 and 5.500 employees.
On September 23, Tyler Technologies suffered a attack by RansomExx ransomware operators, who were also behind recent attacks on Konica Minolta and IPG Photonics.
In response to the attack, Tyler Technologies immediately "disconnected" parts of its network to limit the spread of ransomware and limit the exposure of its customers.
"Early this morning, we realized that an unauthorized intruder had cut off access to some of our interiors. systems. After the discovery and with great care, we closed the access points to external systems and immediately began the investigation and restoration of problem, ”Said the email sent by CIO Matt Bieri to customers.
The attack disrupted Tyler Technologies operations, was localized and did not spread to their customers.
Public sources have told BleepingComputer that the ransomware attack severely affected Tyler Technologies and that the company expected it would take thirty days to fully recover the functions her.
A ransom was paid to obtain a cryptographer
A source told BleepingComputer that Tyler Technologies paid the ransom demanded by RansomExx hackers to recover its encrypted data.
However, it is not known how much was paid to obtain the decryption key.
When ransomware encrypted Tyler Technologies files, they added an extension similar to ".tylertech911-f1e1a2ac".
To prove that the decryptor was valid, BleepingComputer was able to decrypt encrypted files uploaded to VirusTotal at the time of the ransomware attack.
When decrypted, the Arin.txt file contained a list of "IP ranges" used by the company.
RansomExx is also known to steal data before encrypting devices on a network. The ransomware operators then threaten to release these stolen items data, unless the victim pays the ransom.
Since many school groups, judicial systems and local governments in the United States are customers of Tyler Technologies, the danger leakage from the sensitive public information and source code is worrying.
This concern may have been a driving force in decision of ransom payment.
When asked about the payment, Tyler Technologies did not dispute that it paid the ransom, but told BleepingComputer that it could not disclose further information at this time.