WASHINGTON – To say that ransomware is a growing cyber threat is an understatement. Ransomware — cyberattacks in which cybercriminals use malicious software to seize control of computers and network systems, encrypt data, and then demand payment to release control of the data and computer systems — is driven by low prosecution rates and the willingness of many victims under extreme duress to pay ransoms. It’s the fastest-growing type of cybercrime, with the number of attacks and the financial implications exploding year after year.
Consider these facts:
Ransomware attacks on organizations occurred every 11 in seconds in 2021. By 2031, the rate will increase to every 2 seconds. The median cost of a ransomware attack in 2022 was $10M.
Hackers extorted approximately $1.1B in 2023, roughly doubling their illicit gains from 2022.
It is predicted that ransomware will cost victims $265B annually by 2031(link is external).
Five of the top 10 cybercrimes in 2023(link is external)—based on scope and long-term implications—were ransomware attacks.
Cybercriminals follow the money, and if ransomware is profitable, attacks will spread.
The impact on real estate
No business is fully immune to these attacks and their fallout, including the real estate domain. Attacks can hobble organizations, infrastructures, and even cities for days, weeks, and months. Just ask the city of Baltimore. In 2019, hackers seized control of thousands of Baltimore city government computers and demanded approximately $100,000 worth of bitcoin to release them. City employees were locked out of email accounts and systems, and the city could not provide essential services, including online payments of water bills, property taxes, and parking tickets. The Baltimore attack also had a significant impact on the real estate market. While the city’s computer systems were inaccessible, approximately 1,500 home sales were delayed due to the inability to transfer properties.
In August 2023, a popular MLS service provider that supplies MLS services to regional real estate groups nationwide was hit by a ransomware attack that left it inaccessible for weeks. At that time, the affected real estate agents couldn’t list homes, change prices, mark homes as pending/contingent/sold, or list open houses. The attack impacted an estimated 5% of real estate agents nationwide.
The best defense
The business impact of ransomware attacks is real and quantifiable. And so is the risk. But by building awareness and knowledge, there are things real estate professionals can do to make their businesses less vulnerable to attacks and more resilient should they be targeted.
Allocate an IT security budget. Investing in prevention, updates, security training, and security tools can pay huge dividends if attacks are prevented or mitigated.
Maintain secure, effective, off-site data backup systems. Ideally, data should be backed up daily. Consider using the “3-2-1” rule: maintain three copies of data stored on two different storage types and keep one copy offline.
Update systems, software and security tools. This includes software security patches issued by software vendors. Malware evolves so rapidly that security features on even recently outdated versions of systems and software can create risk.
Install firewalls and antivirus software. Firewalls are an essential first line of defense against cyberattacks. They effectively filter suspicious activity from entering a computer or network. Antivirus and antimalware software are the most common ways to defend against ransomware; however, they only detect attacks once they are in a system.
Be cautious with websites and email attachments. Phishing scams are historically the most common method attackers use to download ransomware to computers, so approach every email with caution and limit website use to known, reputable sites. The human element is often the main entry point in these attacks.
Develop a disaster recovery plan. A ransomware attack would feel disastrous, and no one thinks well under duress. By planning for action in the event of an attack, real estate professionals can position themselves to act quickly and eliminate learning how to manage a crisis as it unfolds.
In the event of an attack
If an agent or brokerage does experience a ransomware attack, immediate action must be taken. Ransomware is a crime, so take a photo of the ransomware message with a smartphone or via screenshot to include when reporting the incident.
Report the attack to law enforcement. The FBI, Secret Service, and the Cybersecurity & Infrastructure Security Agency (CISA) have jurisdiction over cybercrimes committed in the United States.
Alert customers. It’s best to let clients know that there will be an interruption in services and a potential loss of information that may impact them.
Disconnect external storage devices to prevent malware from corrupting them. This can potentially help save data stored in the cloud or externally.
If data is safely backed up, wipe the hard drive and reinstall the operating system (OS). Though these are last-resort measures, they might be the best options to remove malware from devices.
Reset all passwords. Any attacker who has gained access to a computer or network also has access to any passwords stored in web browsers and on OS keychains. Reset with stronger passwords and make them unique to each place they’re required.
Learning from losses
Ultimately, the ransomware attack cost the city of Baltimore upward of $18M, and the recovery took months.
Reputational damage also has a cost. If your clients don’t think their data is secure or you can deliver needed services such as updated listing information and property transfers, you’ll pay through loss of business and competitive advantage.
Baltimore is just one example of how devastating a ransomware attack can be. When you start looking, countless ransomware cases can be lessons for building a more secure posture for your business. Not only is it important for real estate professionals to know about, understand, and learn from these crimes, but it’s also crucial to have effective strategies in place to defend against them or at least mitigate any damage should your business be targeted.
Dave Conroy is the Director of NAR’s Emerging Technology group.