Have you been following the news abut the ransomware attacks worldwide? Ransomware is a threat to the security of your business data, computer system, local REALTOR^® association and MLS, and it also can impact other aspects of your life including the gas in your car and the meat on your table. Hackers from Russia and former Soviet bloc countries have been breaking into private computer systems with increasing frequency to the extent this has become a national security issue in 2021. 

In recent months, ransomware gangs have launched several high-profile attacks, including on major fuel supplier Colonial Pipeline, meat processor JBS with several facilities in Wisconsin, schools working virtually in the midst of a pandemic, and hospitals such as Universal Health Systems where nurses resorted to pen and paper. Then there was the REvil ransomware attack on Kaseya, a company that provides remote management software. Sixty of its managed service providers and 1,500 of their small business clients worldwide were impacted. On its dark website, REvil offered Kaseya a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. Most recently Cloudstar, a cloud-hosting service for several real estate-related industries, became the victim of a highly sophisticated ransomware attack on July 16, 2021. Cloudstar operates five data centers and provides support to more than 42,000 title insurance, mortgage and other professionals throughout the U.S. Commentators have noted this appears to be an emerging trend in ransomware attacks where hackers disrupt industries’ infrastructures rather than targeting individual businesses.

Ransomware

Ransomware is an extremely lucrative type of cybercrime. Hackers use malicious software to encrypt a victim’s files or lock an operating system and demand a ransom payment to make them functional again. Sometimes the hackers will steal and threaten to publish sensitive files if their demands are not met. Ransomware is designed to spread across a network and target database and file servers, so it can quickly paralyze an entire organization. But ransomware also can target individuals and companies of all sizes.

Ransomware attacks have grown rapidly in recent years. American victims lost an estimated $1.4 billion in 2020. Criminal hackers, often based in countries like Russia where they are largely protected from U.S. law enforcement, have targeted practically every major industry to shake down victims for payment. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.

Protecting against ransomware 

First it is important to understand how cybercriminals get into a computer system. Ransomware infections are initiated in various ways. 

The most common means of infection according to the FBI’s 2020 Internet Crime Report are:

• Email phishing campaigns: The cybercriminal sends email containing a malicious file or link that deploys malware when clicked by a recipient. Once they’ve gained access, criminals may also use a victim’s email account to further spread the infection. 
• Remote Desktop Protocol (RDP) vulnerabilities: RDP is a proprietary network protocol that allows individuals to control the resources and data of a computer over the internet. Cybercriminals have used both brute-force methods, using trial-and-error to obtain user credentials, and credentials purchased on dark web marketplaces to gain unauthorized RDP access to the victim’s systems. Once they have RDP access, criminals can deploy their malware. 
• Software vulnerabilities: Cybercriminals can take advantage of security weaknesses in widely used software programs to gain control of the victim’s systems and deploy ransomware.

Accordingly, the following factors might make you the target of a ransomware attack:

• Device that is no longer state-of-the-art
• Device with outdated software
• Browsers or operating systems that are no longer patched (updated)
• No proper backup 
• Insufficient attention to cybersecurity

Tips to prevent a ransomware infection:

• Never click on unsafe links: Avoid clicking on links in spam messages or on unknown websites.
• Avoid disclosing personal information: If you receive a call, text message or email requesting personal information, do not reply.
• Do not open suspicious email attachments: Avoid opening any dubious-looking attachments. To make sure the email is trustworthy, pay close attention to the sender and check that the address is correct. Never open attachments that prompt you to run macros to view them.
• Never use unknown USB sticks: Never connect USB sticks or other storage media to your computer if you do not know where they came from. Cybercriminals may have infected them.
• Keep your programs and operating system up to date: Regularly updating programs and operating systems helps to protect you from malware. Use the latest operating software and security patches.
• Use only known download sources: Never download software or media files from unknown sites. Make sure the browser address bar of the page you are visiting uses “https” instead of “http.” A shield or lock symbol in the address bar can also indicate the page is secure. 
• Use VPN services on public Wi-Fi networks:  To stay protected, avoid using public Wi-Fi for sensitive transactions or use a secure Virtual Private Network (VPN).
• Back up data: Make sure critical data is always backed up in case your computer becomes infected with ransomware and decryption is impossible. Use an external hard drive and disconnect it from your computer after creating the backup.
• Consider cloud technology: A secure cloud storage system helps protect files should there be a cybersecurity breach.
• Make sure your insurance includes cyber liability coverages: Insurance coverage may be available to help mitigate the damages of a cyberattack or wire fraud incident.
• Raise employee awareness: Implement a security protocol that enables employees to assess whether an attachment, link or email is trustworthy.

As reported by the Federal Bureau of Investigation Internet Crime Complaint Center IC3, 13,638 people in the United States were victims of real estate/rental fraud in 2020, a 16.7% increase in victims from 2019. Combined, these people lost over $213 million. In Wisconsin, 8,308 reported victims lost a total of $36,081,681. 

To see the 2020 Internet Crime Report, to file a complaint or for more information, visit www.ic3.gov. 

Wire fraud has not gone away

In 2020,  a California professor found the perfect $1.4 million home for his family of six. He wired $921,235.10 from his account for closing. Two days later, the mortgage company asked where the money was. You know the rest of the story. They had been hit by real estate wire fraud. The homebuyer apparently was having an email conversation with his real estate agent and representatives from the title company. Hackers somehow inserted themselves into the conversation, using email addresses designed to look like one or more of the participants in the deal. As a result, every time they sent an email, they were communicating with the criminals. The fraudsters emailed digital copies of the real closing documents and wire instructions that looked real from the fake email account. The closing documents were real, but the wiring instructions contained the wrong account information. The banks involved did not verify the account before processing the transfer because there is no federal law that requires them to do so. 

According to the FBI, consumers lost more than $220 million in schemes like this by October 2020, a 13% increase from the same period in 2019. But this particular story had a happy ending. Incredibly, the bank was able to get the buyer’s money back.

Real estate transactions continue to be an attractive target for sophisticated fraud scams. Cybercriminals identify a pending sale transaction and build a profile of the parties including the title company, real estate agents, and the buyer and seller. They hack into one or more parties’ email accounts and monitor email traffic for their opportunity to strike, usually sending false wire instructions. 

Other real estate scams 

Other cyberscams described in the FBI report include “bait and switch” where a buyer with an accepted offer will come back and tell the seller that they need to dramatically reduce the price because of excuse A and B. Once that is agreed to, they may come back again asking for a second price reduction. 

Fake or fraudulent listings are familiar to many Wisconsin practitioners. The crooks find a property for sale, use the information and photos from that listing, and post it on Craigslist or another site for rent. Many REALTORS^® have discovered that information from their listings is being used to create fake Craigslist rental listings. Potential tenants may be asked to provide private personal information on an application such as the applicant’s Social Security number and bank account information, and are directed to wire deposit money, often overseas.

Resources from the WRA 

Wisconsin Real Estate Magazine:

• December 2018: “This Is Not Test: Cybercrime Is real,” at www.wra.org/WREM/Dec18/Cybercrime
• October 2017: “The Risks of Sending Wire Transfer Instructions,” at www.wra.org/WREM/Oct17/WireTransferFraud

Legal Update:

• February 2017, “Combating Cybercrime Concerns,” at www.wra.org/LU1702

LegalTalks:

• Wire Transfer Fraud with Debbi Conrad: www.wra.org/LegalTalks/WireTransferFraud

Resources from NAR:

• Protecting Your Business and Your Clients from Cyberfraud handout: www.wra.org/CyberfraudProtection
• New Cyber Liability Insurance Member Benefit: www.nar.realtor/realtor-benefits-program/risk-management/cyberpolicy

Cybercrime can be devastating to real estate professionals and their clients. The tried-and-true “Cybersecurity Checklist: Best Practices for Real Estate Professionals” offers some best practices to help you curb the risk of cybercrime. 

See NAR’s checklist: www.wra.org/CybercrimeChecklist

Debbi Conrad is Senior Attorney and Director of Legal Affairs for the WRA.