How to Protect Yourself from Ransomware

There was a widespread outbreak of ransomware attacks, based on a vulnerability in Windows that was released a couple months ago from NSA leaks. Ransomware typically infects a PC through a malicious website (less common) or via clicking an infected link in an email or an attachment (more common.) The infection usually encrypts the user’s files, and demands a ransom in electronic currency to recover them.

Here’s how you can protect yourself:

If you have a Windows machine, such as a personal laptop or home computer, please take a moment today to do a full round of Windows Updates and update any antivirus software you might be using. This should be a regular part of your routine. Try to turn on automatic updates and don’t delay them too often when they prompt you to install or restart – they’re important for exactly this reason.

Be careful opening email attachments, particularly if they appear to be from DropBox, DocuSign, or appear to be from a Realtor®, but contain vague instructions about a contract or financial transaction—the kind of email that looks like it might be something a Realtor sent you by accident or was intended for someone else. See example below.


In this example, the “payload” of infected code is in a link the PDF attachment. The text of the email itself has no malicious links and contains real information for an actual Realtor®. We called that member and she’s dealing with hundreds of these being delivered to her contacts and people she doesn’t know—myself included—but is at least aware of the issue and taking steps to handle it.

Unmask links in your emails to inspect them before clicking them or downloading attachments. If you hover over a link, you can see where it goes without clicking it. If the URL in the preview goes to an unfamiliar website or location (Particularly if the email you’re looking at purports to be from Dropbox or DocuSign but the domain in the URL is something totally different) Example below:

Remember that most of the effective, complex vulnerabilities that can attack even systems with good security like ours tend to rely on code being executed in other programs, like Adobe Acrobat. Many of the serious infection risks occur when a new vulnerability is discovered in how computers handle external files, like PDFs. You can mitigate a lot of risk simply by not downloading attachments from emails that appear suspicious. The whole purpose of these emails being vague and somewhat confusing is to get you to click on the attachment to see if it clarifies things.

Don’t fall for it. Just delete it and move on. If it’s legitimate or important, the sender will contact you again. If you’re not expecting it, it’s probably not something you want. This is a good thing to remember with emails you send, as well – don’t send members or other staff an email that’s just an attachment and no text, or something similar. Take a moment to write at least a one-sentence description of what the purpose of your email is, even if you just talked to the person about it. At the very least, it will help if they (or you) need to search for it later.

Here are a couple links that might be helpful:

Update your Windows systems now. Right now. – Washington Post Story

Microsoft Windows Update Instructions – via Microsoft

Microsoft Ransomware Information – via Microsoft

One additional note on ramsomware: You should always back up important files, but if you are attacked by ransomware and you have no other option, it’s worth noting that paying the ransom to decrypt the files and retrieve them usually does work. These schemes wouldn’t exist if there wasn’t a real mechanism for you to recover the files, and the hackers don’t have any motivation to leave your files encrypted—they just want to get paid.

If you have no other option to retrieve your files and are considering paying a ransomware demand, please feel free to call us to discuss the matter and we can advise you. Paying the ransom does not usually expose you to any additional infection risk. Any system compromised this way should have Windows fully re-installed from scratch anyway, so in some cases paying up might be the lesser evil. We’re here to help, and if you have any questions on the subject, please don’t hesitate to ask.

October is National Cyber Security Awareness Month | The Wednesday Word

Recognizing the importance of cybersecurity to our nation, President Obama designated October as National Cyber Security Awareness Month. Governor Charlie Baker made a similar proclamation. Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.  More information on cyber safety can be found here: http://www.mass.gov/anf/research-and-tech/cyber-security/cyber-security-awareness-month/

 The MAR legal department has learned of several scams that have had a negative impact on REALTORS. For the rest of October, we will highlight some of these scams so you can better protect yourself. This is the first of those posts:

The scam: A buyer in a transaction will receive an email from a real estate agent, title company, or attorney with wiring instructions to transfer money for the upcoming transaction. The email appears genuine and contains the company’s email information and logo, and sometimes will include manipulative language to encourage you to act quickly. The email, however, is actually not from the so-called sender; rather, it is from a hacker who had monitored the email account of one of the parties, then altered information in the email to have the funds sent to the hacker’s own account.  Once the buyer transfers the funds pursuant to the wiring instructions included in the email, the funds are placed into the hacker’s account, most likely never to be recovered. While the reported instance targeted the buyer, altered emails could conceivably be sent to any party in the transaction to cause misdirection of funds.

 What you can do to protect yourself:

  • Secure your computer systems and email accounts and encourage your clients to do the same
  • Prior to making any transfers, parties should confirm all emailing wiring instructions directly with the escrow officer via telephone
  • If any party in the transaction has received suspicious or questionable wiring instructions, all parties should be notified immediately
  • Carefully review your E&O Policy to see if your policy covers cybercrime

 (Please note: This blog post was prepared by MAR Legal Staff: Michael McDonagh, General Counsel; Ashley Stolba, Associate Counsel; Justin Davidson, Legislative & Regulatory Counsel; and Christine Howe, Public Policy and Finance Coordinator)