Tyler Technologies, a Texas-based data-collection company that makes products used by U.S. states and counties to distribute election data, announced that an unknown party hacked its internal systems on Wednesday. The event occurred just after the FBI warned about potential election disinformation and cyberattacks.
Tyler Technologies confirmed the breach after a prior warning to its clients. It told Reuters that it did not believe clients’ software was breached, and that it had informed law enforcement. Along with other related tasks, Tyler’s programs are used by voting officials to display results.
As of Thursday morning, the company’s website was down.
The company, which did not say what systems had been breached, is also a primary provider of city management programs, including emergency management programs for numerous U.S. counties and municipalities.
Tyler Technologies CIO Matt Bieri emailed clients confirming the investigation of a cyberattack: “Early this morning, we became aware that an unauthorized intruder had disrupted access to some of our internal systems. Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem. We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement.”
BleepingComputer reported evidence of ransomware, noting a RansomExx program as the culprit. “RansomExx is a rebranded version of the Defray777 ransomware and has seen increased activity since June when they attacked the Texas Department of Transportation (TxDOT), Konica Minolta, and most recently IPG Photonics,” wrote BleepingComputer’s Lawrence Abrams.
BleepingComputer discovered an encrypted file related to the Tyler Technologies attack that had been uploaded to VirusTotal: “This encrypted file has an extension of ‘.tylertech911-f1e1a2ac,’ which includes Tyler Technologies’ name and is the same format used in other RansomExx attacks. RansomExx does not have a ransomware data leak site, but that does not mean they do not steal unencrypted files before deploying their ransomware.”
The hack arrived as the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a notice about “the potential threat posed by attempts to spread disinformation regarding the results of the 2020 elections.” They warned that “foreign actors and cybercriminals” could alter websites and disseminate disinformation through social media “in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions.”
In concert with the FBI’s warning, President Donald Trump claimed on Wednesday that the “ballots are a disaster” while also maintaining a noncommittal stance on a peaceful transfer of power if he loses the presidential election in November.
It is unclear which “ballots” he is talking about, though mail-in voting has remained a major point of contention for Trump. Before the prior notice and the Tyler Technologies hack, U.S. intelligence and law enforcement officials had maintained, as recently as August, that there is no evidence that foreign actors are attempting to interfere with mail-in voting ahead of November’s election.
In a statement from August, a senior FBI official said: “The American public should rest assured that it is very difficult for a foreign adversary to meddle with actual vote counts.”