Nearly a week has passed since Tyler Technologies announced a ransomware attack that disrupted its internal corporate network and phone systems.
While the company is still in the process of mitigating the cyberattack and systems outage, some Tyler customers reported several suspicious logins to client systems.
Although Tyler Technologies says that, “the environment where we host software for our clients is separate and segregated from our internal corporate environment,” the latest security update urges clients to reset remote support passwords.
“Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented,” reads the advisory. “If clients haven’t already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable.”
Additionally, clients should report any suspicious activity or logins at Security@tylertech.com.
Tyler has also implemented additional security measures to protect its client systems. “We have disconnected points of access between Tyler’s internal systems and our client systems to further protect our clients,” the company added. “We have also enabled targeted monitoring of our corporate and hosted environments to supplement the monitoring we already had in place.”
The latest notification published on Sept. 27, provides insight into the attack’s impact on Tyler’s employee information. To date, there is no reason to believe that any human resources information was affected.
According to a brief Q&A list on the official website, the software used for Tyler’s financial management, payroll, and HRIS functions is housed outside its corporate network. There has been no evidence to suggest that the ransomware attack impacted the hosted environment.
The software vendor is working closely with the FBI to catch the perpetrators and has declined to provide additional information regarding the malicious infection.
“We have confirmed that the malicious software the intruder used was ransomware,” Tyler said. “Because this is an active investigation, we will not provide any additional specifics relating to our incident response or our investigation at this time.”