BC real estate agency sustains unusual ransomware attack

ReMax Kelowna owner and general manager Jerry Redman announced that the cyberattack occurred around the same time that the agency’s IT staff were monitoring a software update. Redman also confirmed in an interview with IT World Canada that the ransomware IT staff found did not start, but some company files were copied by the attackers.

“We were in within minutes of knowing it started and that’s why [the attackers] I don’t have a lot, ”said Redman.

While an investigation into the attack is ongoing, Redman believes that the malicious actors responsible for the breach have only been able to copy what the director calls “non-personally identifiable company information”. That data includes “graphic design that company does for people”.

Redman said he was unaware that files were stolen during the attack until a reporter informed him later that week.

“We ended the attack so quickly that we didn’t think they were getting anything. We did not receive a ransomware request from [attackers]Our system has never been locked by them, but they obviously have some data. “

Although the cyberattack against the real estate agency has been confirmed to be ransomware, the way the attack started remains a mystery.

“The only thing we can think about at this point is that we did a software upgrade from a large company and it started around the same time,” Redman said when asked if he knew how the cyberattack occurred started.

Redman also said he wasn’t sure if the software upgrade itself was infected with the malware.

“I don’t want to speculate, but that’s exactly what we did when it happened and that’s why we were able to shut it down so quickly because my IT staff were here.”

Ransomware attacks are typically carried out by phishing and / or spear phishing, which exploits remote access software, infected pirated copies, drive-by downloads from infected websites and infected removable media. However, as Redman suspects, ransomware attacks via third-party software or supply chains are rare, but not uncommon.

When asked for an explanation of the cyberattack, Emsisoft threat researcher Brett Callow told IT World Canada that supply chain attacks can give attackers an initial hold on the affected IT system, but added that he has never heard of such an attack I heard that they used to quickly exfiltrate data before the actual ransomware was deployed.