• By the nature of their business, brokers and agents are easy targets for a new type of computer viruses called ransomware.
  • Email security is crucial in preventing ransomware attacks on real estate professionals.
  • A strong backup policy and procedures help overcome the consequences of ransomware attacks.

The real estate business involves intensive communication between real estate agents, brokers, sellers and buyers.

A great deal of this interaction takes place over email. Meanwhile, the present-day threats are increasingly harming businesses via email. In particular, that’s how the extremely dangerous crypto ransomware is circulating.

Ransomware arrives at computers mainly through plain spam or hacked email accounts. The criminals leverage both mass spamming and spear phishing campaigns hitting specific industries and companies.

[Tweet “Ransomware arrives at computers mainly through plain spam or hacked email accounts. “]

How ransomware works

When building their customer networks, real estate brokers share their email details online or spread them to prospects and leads. Criminals hunt for such records.

Dumps of this data are available on the dark market. Perpetrators buy email account info and start to send out spam. Recent ransomware spreading campaigns generated around 4 million messages per week.

[Tweet “Recent ransomware spreading campaigns generated around 4 million messages per week.”]

Although the typical spam message includes an invoice-related subject line, malicious messages targeting real estate professionals might try to trick readers into clicking on fake property info, property images, contracts or other official documents.

These dangerous messages might contain several different kinds of attachments. It might be a booby-trapped zip file with obfuscated malicious JavaScript code. Once the JavaScript runs, the ransomware is covertly downloaded from a remote server and executed.

Another vector of compromise relies on macros in Microsoft Office documents. When a user opens the rogue attachment, it appears to be blank or gibberish inside.

According to a misleading prompt, however, enabling macros will supposedly allow the user to see the content. What actually happens in this case, though, is the macros get exploited to download and run ransomware. This type of attack is intricate enough to evade antispam and antivirus filters. Even up-to-date systems are not bulletproof against such a compromise.

[Tweet “Even up-to-date systems are not bulletproof against ransomware.”]

One more way of distributing ransomware is through malicious links. Even if your company uses the best real estate CRM or other enterprise level software and all communication is filtered for malicious attachments, criminals can deliver the virus with the help of a hyperlink.

They typically hack one agent’s email or social media account and start sending messages saying something like: “Click this link to see additional photos of the house.” These links point to compromised sites hosting exploit kits.

Some other ways of depositing ransomware loaders onto PCs include the use of FTP, mobile devices and cloud services such as Dropbox.

Important files, including images, documents, backups and databases, become encrypted in the course of a ransomware attack.

For example, the recent Cerber virus locates and encrypts hundreds of popular file types. When the crypto routine has been completed, the ransomware demands a payment to send you the decryption key.

How to protect yourself

There are a number of ransomware prevention and mitigation techniques. Although these countermeasures proved to be effective, even the best protection strategy might have exploitable flaws. Therefore, it is also imperative to make sure that all valuable files are backed up. In addition to backups, the following tips should help you enhance your security posture:

  1. Do not open files attached to emails from unfamiliar individuals.
  2. Make sure the backup drive is not mapped as a drive letter.
  3. Use whitelisting tools that only allow predefined processes to run by default.
  4. Keep Windows Firewall enabled.
  5. Consider disabling Windows Script Host.
  6. Use strong passwords for online accounts.
  7. Keep your antivirus, software and operating system up to date.

Although cyber criminals use the strongest encryption technologies, in some cases security researchers are able to decrypt files. Consider visiting some free tech support forums and ask for help there.

Remember that simply receiving a phishing email will not get you infected. The contamination only takes place if you actually open the rogue attachment. This is why basic security awareness matters in terms of ransomware prevention.

[Tweet “Ransomware contamination only takes place if you actually open the rogue attachment.”]

David Balaban is the editor at Privacy PC. Follow Privacy PC on Google Plus or Facebook.

Email David Balaban.

Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Success!
Thank you for subscribing to Morning Headlines.
Back to top
×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription
×