SAN FRANCISCO (Reuters) – Software vendor Tyler Technologies said Saturday that some of its customers have reported suspicious logins in the days since Tyler warned that it had been hacked with ransomware.
In a post on its website and an email to customers, which include many U.S. counties and cities, Tyler said it had “received reports of several suspicious logins to client systems.”
The company, which had said Wednesday that the hack appeared confined to its internal network, on Saturday urged clients to reset passwords that Tyler staff would use to access customer versions of its software.
Tyler provides a wide range of software to local governments, including programs to dispatch police in emergencies and to display local information, including election results. Those programs do not tabulate the votes themselves.
Tyler said it is cooperating with the FBI, which has declined to comment. It declined to say which customers had detected improper logins or when those suspected intrusions occurred.
A great number of criminals use ransomware to encrypt a target’s files and demand payment, and many city departments have been forced to pay thousands or even millions of dollars in the past few years.
Because many counties run elections, the Department of Homeland Security has warned generally that ransomware that strikes them could disrupt voting, or use that threat to extort more money.
In addition, some major criminal groups and countries have used ransomware as a distraction while they remove data or destroy it.
The Department of Homeland Security did not immediately return a message seeking comment.
Reporting by Joseph Menn; Editing by Daniel Wallis