By Joseph Menn
SAN FRANCISCO (Reuters) – Tyler Technologies <TYL.N> said the hacking attack against it disclosed Wednesday used ransomware, which encrypts company files and demands payment to decrypt them again.
In a statement to Reuters, the vendor of software to counties and municipalities said the hacker only reached internal networks.
Tyler said the attack had no impact on the software it hosts for clients, and the software it sells that displays election results is hosted by Amazon and so was not at risk.
“We have confirmed that the malicious software the intruder used was ransomware. Because this is an active investigation, we will not provide any additional specifics relating to our incident response or our investigation at this time,” said the company, based in Plano, Texas.
“All indications are that the impact of this incident is limited to our internal corporate network and phone systems, and that there has been no impact on software we host for our clients. Our hosted environment is separate and segregated from our internal corporate environment.”
The company said Wednesday it had notified law enforcement and brought in security specialists.
The hack prompted wide concern among local officials because some of Tyler’s programs are used to display election results, and U.S. intelligence agencies recently warned that foreign governments might try to sow mistrust by altering sites that report votes, which is seen as easier than changing the results themselves.
Some clients also said they were worried the hacker could use Tyler’s administrative access to breach local versions of its programs, such as those for dispatching emergency responders.
Though Thursday’s disclosures make those scenarios less likely, they do not rule them out. Some national governments have worked in league with ransomware gangs or used the malicious programs as cover for espionage or destructive missions.
Tyler, the FBI and the Department of Homeland Security all declined to answer questions on the extent of the hack, the risk of related breaches and the suspected identity of the perpetrators.
(Reporting by Joseph Menn; Editing by Chris Reese and David Gregorio)