Inman

What agents need to know about spam ransomware campaigns


The real estate business involves intensive communication between real estate agents, brokers, sellers and buyers.

A great deal of this interaction takes place over email, and email is increasingly the channel through which present-day threats harm businesses. In particular, that's how the extremely dangerous crypto ransomware is circulating.

Ransomware arrives at computers mainly through plain spam or hacked email accounts. The criminals leverage both mass spamming and spear phishing campaigns hitting specific industries and companies.

How ransomware works

When building their customer networks, real estate brokers share their email details online or spread them to prospects and leads. Criminals hunt for such records.

Dumps of this data are available on the dark market. Perpetrators buy email account info and start to send out spam. Recent ransomware spreading campaigns generated around 4 million messages per week.

Although the typical spam message includes an invoice-related subject line, malicious messages targeting real estate professionals might try to trick readers into clicking on fake property info, property images, contracts or other official documents.

These dangerous messages might contain several different kinds of attachments. It might be a booby-trapped zip file with obfuscated malicious JavaScript code. Once the JavaScript runs, the ransomware is covertly downloaded from a remote server and executed.

Another vector of compromise relies on macros in Microsoft Office documents. When a user opens the rogue attachment, it appears to be blank or gibberish inside.

According to a misleading prompt, however, enabling macros will supposedly allow the user to see the content. What actually happens is that the macros, once enabled, download and run the ransomware. This type of attack is intricate enough to evade antispam and antivirus filters. Even up-to-date systems are not bulletproof against such a compromise.
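For whoever runs the office mail system, the two attachment types described above can be flagged before a message reaches an agent. The following is an added example, not part of the original article: the function names, the extension list and the sample message are assumptions made for illustration, and only zip-based Office formats (such as .docm) are checked, not the older binary .doc format.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")  # assumed list of Windows Script Host types

def inspect_zip(data, name):
    """Return findings for one ZIP-format attachment (plain archive or Office document)."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(SCRIPT_EXTS):
                    findings.append(f"{name}: script inside archive ({member})")
                elif member.lower().endswith("vbaproject.bin"):
                    # Zip-based Office files keep their macros in vbaProject.bin
                    findings.append(f"{name}: Office document carries macros")
    except zipfile.BadZipFile:
        findings.append(f"{name}: unreadable archive")
    return findings

def triage(raw_message):
    """Parse a raw email and list the attachments that deserve a second look."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(SCRIPT_EXTS):
            findings.append(f"{name}: script attachment")
        elif data[:4] == b"PK\x03\x04":  # ZIP signature, also used by .docx/.docm
            findings.extend(inspect_zip(data, name))
    return findings

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in members.items():
            zf.writestr(path, content)
    return buf.getvalue()

def build_sample():
    """Constructed test message; every attachment holds inert placeholder bytes."""
    msg = EmailMessage()
    msg.set_content("Click to see additional photos of the house.")
    msg.add_attachment(_zip({"listing_photos.js": "// placeholder"}), maintype="application", subtype="zip", filename="photos.zip")
    msg.add_attachment(_zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}), maintype="application", subtype="octet-stream", filename="contract.docm")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="floorplan.pdf")
    return msg.as_bytes()
```

Calling `triage(build_sample())` flags the zip archive and the macro-enabled document and leaves the PDF alone.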

One more way of distributing ransomware is through malicious links. Even if your company uses the best real estate CRM or other enterprise-level software and all communication is filtered for malicious attachments, criminals can deliver the virus with the help of a hyperlink.

They typically hack one agent’s email or social media account and start sending messages saying something like: “Click this link to see additional photos of the house.” These links point to compromised sites hosting exploit kits.

Some other ways of depositing ransomware loaders onto PCs include the use of FTP, mobile devices and cloud services such as Dropbox.

Important files, including images, documents, backups and databases, become encrypted in the course of a ransomware attack.

For example, the recent Cerber virus locates and encrypts hundreds of popular file types. When the crypto routine has been completed, the ransomware demands a payment to send you the decryption key.

How to protect yourself

There are a number of ransomware prevention and mitigation techniques. Although these countermeasures have proved to be effective, even the best protection strategy might have exploitable flaws. Therefore, it is also imperative to make sure that all valuable files are backed up. In addition to backups, the following tips should help you enhance your security posture:

  1. Do not open files attached to emails from unfamiliar individuals.
  2. Make sure the backup drive is not mapped as a drive letter.
  3. Use whitelisting tools that only allow predefined processes to run by default.
  4. Keep Windows Firewall enabled.
  5. Consider disabling Windows Script Host.
  6. Use strong passwords for online accounts.
  7. Keep your antivirus, software and operating system up to date.

Although cyber criminals use the strongest encryption technologies, in some cases security researchers are able to decrypt files. Consider visiting some free tech support forums and asking for help there.

Remember that simply receiving a phishing email will not get you infected. The contamination only takes place if you actually open the rogue attachment. This is why basic security awareness matters in terms of ransomware prevention.

David Balaban is the editor at Privacy PC. Follow Privacy PC on Google Plus or Facebook.
