Tyler Technologies Reportedly Paid Ransomware, Like Many Other Victims, Expert Says

‘Contemporary cybercrime is no longer dominated by novices. Rather, career criminal enterprises employ the best strategies to ensure the victims are unable to recover from a ransomware incident without a secret key that only they hold,’ says Vitali Kremez, an ethical hacker and CEO of Advanced Intelligence LLC.

Tyler Technologies reportedly paid the ransomware that locked up its internal network and downed its phone and email systems last month, according to a published report.

Tech news website Bleeping Computer, citing a source, said the Plano, Texas provider of software to state, county, and municipal governments in all 50 states and around the world, paid the ransomware actors behind its attack an unknown sum to restore the systems.

The massive government-focused solution provider -- No. 46 on the 2019 CRN Solution Provider 500 -- declined to comment to CRN, citing the sensitivity of the information involved. If the company did comply with the ransomware demands, it would join a majority of victims who simply pay up, when they are hit with ransomware, said Vitali Kremez, an ethical hacker and CEO of Advanced Intelligence LLC.

“Basically, almost in all the cases, they pay them off,” Kremez told CRN. “There’s no recovery method. There’s no technical help that we can provide to businesses, outside of improving the security posture, because the ransomware has been developed with cryptographically sound algorithms.”

Based on a deep dive into the data that Kremez and his team did, the public is generally only aware of about 10 percent of ransomware attacks that happen, giving rise to speculation that most victims never seek help and simply pay threat actors to retrieve their data.

“Contemporary cybercrime is no longer dominated by novices,” he said on Monday. “Rather, career criminal enterprises employ the best strategies to ensure the victims are unable to recover from a ransomware incident without a secret key that only they hold.”

By targeting large, U.S. solution providers such as Tyler, criminals have found victims wary of negative press, and with sensitive information regarding thousands of customers.

“Ransomware is the new gold rush, so to speak, in the crime world,” Kremez said. “Not only ransomware, but ransomware leaks as well. That’s the era we live in now.”

Tyler Technologies was hit with ransomware early Sept. 23. The attack crippled the company’s website, email and phone systems, however the malware did not appear to spread to any customer systems.

Shortly after the intrusion, Tyler turned its website into an information portal for news about the attack. After two and a half weeks, and frequent updates, the company said it appears the spread of ransomware was contained to its internal systems only, meaning it did not hit any of the software solutions it has deployed into state or federal government.

“Based on all of the evidence gathered to date through our around-the-clock response efforts, all information available to us continues to indicate that this incident was directed at Tyler‘s internal corporate environment and not the separate environment where we host client systems,” the company said in part of a statement that was updated Monday. “In addition, our Socrata platform is hosted offsite on AWS (Amazon Web Services), and our Tyler Federal (Entellitrak, Versa, CAVU, ACO, GA Courts, and DCM clients) and Tyler Detect cybersecurity platforms are maintained in entirely separate environments. There is no evidence of any impact on those environments whatsoever.”