A major software provider to U.S. city and county governments was hacked, the company said in an email to government clients.
Plano, Texas-based Tyler Technologies, which provides software and network services to dozens of counties and cities across the country, learned of a “security incident” on its computer systems on Wednesday, Chief Information Officer Matt Bieri said in an email to Clients Reviewed by NBC News.
In an update posted to its website on Thursday, the company said it had been infected with an unnamed strain of ransomware.
The company “is in the process of responding to a security incident involving unauthorized access to our internal telephony and information technology systems by an unknown third party,” the site said.
The company is focused on providing administrative and tax services to counties. While it doesn’t work directly in election software, its products can be used to publish information about the results and location of polling stations, the company said.
And while there is no evidence the attack has spread to counties that work with Tyler, it provides yet another warning that election interference can occur unexpectedly.
Counties typically share all of their services, including electoral systems, on the same network, which means that a ransomware infection can make this information inaccessible as well.
The Cybersecurity and Infrastructure Security Agency, which advises counties and other government entities involved in the elections, declined to comment. But in an unrelated joint statement to the FBI on Thursday, the agencies said, “Cyber actors continue their attempts against electoral systems that register voters or record voter registration information, manage electoral processes without a vote, or provide informal reports on election night.
“These attempts could render these systems temporarily inaccessible to election officials, which could slow down, but not prevent, voting or the communication of results,” the warning said.
Tyler Technologies employees did not respond to requests for comment. The company hired outside security consultants and notified law enforcement, Bieri wrote in his email.
County and local governments have been frequent victims of ransomware in recent years. Federal officials have repeatedly warned that understaffed counties are particularly easy targets and that attacks can wreak havoc during an election.
While hackers have little ability to alter votes, even taking electronic ballots offline and forcing a county to use hard copies could dramatically increase the time it takes to vote.
Several countries that use Tyler Technologies’ software have said they have seen evidence that they have been affected by ransomware. Attacking a company that manages software for multiple customers is a common way to spread ransomware.
In June, a sample file named “.tylertech911-f1e1a2ac” was uploaded to VirusTotal, a repository used by cybersecurity researchers to share information about malware. The naming convention indicates that the hackers used a relatively new strain of ransomware called RansomExx to target Tyler Technologies, said Brett Callow, analyst at cybersecurity firm Emsisoft.
“While that doesn’t prove Tyler Tech was a victim of RansomExx, it’s definitely a strong indicator,” he said.
These companies “are generally able to remotely access their customers’ networks,” Callow said. When a person is infected with ransomware, “they may be able to exfiltrate and encrypt data on these networks.”
“There have been several examples of this type of compromise over the past 12 months,” he said.