Ransomware Attack on Plano Tech Firm Highlights Key Issue Companies Need to Understand

By Brian Womack
Dallas Business Journal | November 15, 2020

Plano’s Tyler Technologies was hit by an attack that’s become increasingly common today.

The software company, which assists local and state governments, in September announced it was hit by a ransomware attack, and its corporate website was taken down. The Web page would come back up, but the impact to revenue would be about $4 million between late September and October, CEO Lynn Moore said during a call with analysts earlier this month.

The incident was another reminder of the growing issue around ransomware. A mid-year report by Bitdfender, a cybersecurity firm, said global ransomware reports increased by 715 percent. Also, through Sept. 1, ransomware was the most observed threat year to date with over one-third of all cases, according to the intake of cyber incident responses at Kroll, a risk-management company.

“Ransomware is a huge deal,” said David Deering, CEO at Leo Cyber Security, noting he wasn’t speaking about Tyler Technologies’ case in particular. “It is a significant risk to businesses.”

The incentives for such attacks aren’t abating – it’s something that more companies are focusing on, or should be, observers say.

Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid, according to the Cybersecurity & Infrastructure Security Agency. It typically spreads through phishing emails or via an infected website.

“While ransomware started as a broadly deployed attack against consumers, attackers have begun to weaponize it in targeted attacks on companies and government entities,” said Randy Watkins, CTO at Plano’s CRITICALSTART, which provides assistance around cybersecurity. “Initially, encryption of the information was the goal, and ransom was paid for decryption, but new attacks also leverage data theft, or exfiltration, to increase the ransom amount over the threat of disclosure.”

At Tyler, an investigation indicated the incident was solely directed at the internal corporate environment and not the separate environment where it hosts client systems.

“Multiple resources have verified our ability to resume safe file sharing activities, connection to our internal networks, and normal operational interaction with clients,” the company said in an updated statement on its website recently. “All indications are that the impact of this incident was solely directed at our internal corporate network and phone systems – not Tyler client systems.”

Targets of ransomware can be broad. Kroll notes particularly hit areas include professional services, healthcare, and technology and telecommunications. And then there’s governments and schools, including Athens’ school district, according to a recent report.

Ransomware is becoming more of an issue, according to Toby Ryan, chief data scientist at Cysiv, a North Texas provider of security operations center (SOC)-as-a-service.

“It’s very easy to do,” Ryan said. “Ransomware is almost a commodity. The majority of ransomware ransoms are small, you know, $500,000.”

It can all lead to some nice pay-outs to cybercriminals, Deering said.

“It’s a very lucrative way for individuals to make money,” he said. “It causes a significant amount of concern inside of businesses — and one of the easy ways to do it is to pay them. There are pros and cons and arguments on both sides on whether or not you should pay …. but because it’s such acute pain, it is a way to monetize the softness of someone’s cybersecurity program.”

The attackers tend to be careful in who they attack, Deering said. They’re not just blindly sending out some emails, hoping something sticks. They focus on those who have access to real money – so small companies with a handful of employees may not be hit.

Companies need the right tools to protect themselves. A key issue: Getting buy-in from top folks in an organization.

“It’s a leadership problem,” Deering said. “Most people think it’s a technical problem. The programs that I’ve seen that are immature inefficient because of for poor business leadership.”

Prevention is important, and goes a long way, Ryan said, along with “understanding the behavior of malware, ransomware specifically, will help you find it.”

Ransomware isn’t a new issue – and it’s something more folks are likely to grapple with, observers said.

“With all things, it’s going to course-correct over time,” Ryan said.

“As long as the attackers are incentivized with the prize — as long as companies are paying it — then I think it’s going to keep going until something happens.”

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.
Secure the Future of Cyber in an AI World. Upcoming Webinar - December 12
This is default text for notification bar