Real estate agency

British Columbia real estate agency suffers unusual ransomware attack

ReMax Kelowna owner and general manager Jerry Redman revealed that the cyberattack happened around the same time the agency’s IT staff were overseeing a software update. Redman also confirmed with TI World Canada in an interview that while the ransomware IT staff was not launched, some company files were copied by attackers.

“We were on it a few minutes after we knew it had started, and that’s why [the attackers] don’t have much, ”Redman explained.

While an investigation into the attack is still ongoing, Redman believes the malicious actors responsible for the breach have only managed to copy what the director calls “non-personal corporate data.” This data includes the “graphic design stuff the company does for people”.

Redman said he was unaware that any files were stolen during the attack until a reporter informed him later in the week.

“We stopped the attack so quickly we didn’t think they were getting anything. We have not received any ransomware requests from [attackers], our system was never locked by them, but they obviously received some data. “

Although the cyberattack on the real estate agency has been confirmed to be ransomware in nature, how the attack was launched remains a mystery.

“The only thing we can think about at this point is we were doing a software upgrade for a large company and it started happening at exactly the same time,” Redman said when asked. asked if he knew how the cyberattack started.

Redman also said he was unsure whether the software upgrade itself was infected with malware.

“I don’t want to speculate, but that’s literally what we were doing when it happened, and that’s why we were able to shut it down so quickly because my IT people were there.”

Ransomware attacks are typically carried out by phishing and / or spear phishing, exploiting remote access software, infected pirated software, spam downloads from infected websites, and infected removable media. But ransomware attacks through third-party software or supply chains – as Redman suspects has happened – are rare, but not unheard of.

When asked for a statement on the cyberattack, Emsisoft threat researcher Brett Callow said TI World Canada that supply chain attacks can give attackers a first anchor point on the affected computer system, but added that he had never heard of such an attack being used to rapidly exfiltrate data before deploy the real ransomware.

Source link