Another Day, Another Channel Ransomware Victim

Tyler Technologies, No. 46 on the 2019 CRN Solution Provider 500, became the latest solution provider to be hit with ransomware Wednesday in an attack that crippled the company’s internal corporate network and phone systems and still has Tyler’s website down two days later.

The Plano, Texas-based government service provider was hit by RansomExx ransomware (previously known as Defray777), according to BleepingComputer, which was also used in attacks this summer against the Texas Department of Transportation, Konica Minolta, and IPG Photonics. Tyler confirmed the intruder used ransomware, but said it wouldn’t provide any additional specifics around its investigation.

The attack against Tyler Technologies comes just months after vicious ransomware infections hobbled three of the world’s 20 largest solution providers – Cognizant, Conduent and DXC Technology. All told, the four solution providers that succumbed to ransomware in 2020 have combined revenue of $41.93 billion and a joint market cap of $54.36 billion.

CRN spoke with more than a dozen threat research experts about how ransomware burst onto the scene, why adversaries began targeting solution providers, what caused some ransomware operators to forgo attacks against small MSPs in favor of hitting massive systems integrators, and key similarities and differences between the two groups most likely to go after the channel: Maze and REvil. Here’s what we found.