When Ransomware Strikes the Supply Chain, Change Your Passwords

Tyler Technologies, a very large technology provider for the U.S. public sector, was impacted by a ransomware attack last week. It is reported that RansomExx ransomware was responsible for the attack. According to the same report, RansomExx is a rebranded version of the Defray777 ransomware and has seen increased activity since June when they attacked the Texas Department of Transportation (TxDOT), Konica Minolta, and most recently IPG Photonics. Despite initial downplaying of the incident, activity discovered over the weekend prompted the company to urge clients to change passwords associated with Tyler’s remote support systems. Subsequently, there have been recent reports of the “Bomgar” jump client being installed on clients’ servers. According to its website, Tyler Tech provides more than fifty types of web-based applications to the U.S. public sector, including cyber-security solutions, tax and billing software, and entire city staff management systems, known as “Munis,” just to name a few. Given its managed services provider (MSP) status and Tyler Tech’s Texas nexus, this incident feels slightly reminiscent of the spate of ransomware attacks in August 2019 that swept across the state impacting at least twenty municipalities after infecting a single technology services provider. Note: there has been some reporting and related controversy that Tyler Tech’s services also include support surrounding elections reporting. Nonetheless, given Tyler’s close association to “Munis,” members are encouraged to evaluate any potential relationship to this supply chain entity and act accordingly. The importance of supply chain risk management cannot be overstated and is covered in #13 – Secure the Supply Chain in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Likewise, members can read more about Developing a Supply Chain Risk Management Program in the Security & Resilience Update for August 27, 2020. Read more at BleepingComputer.