Ransomware attempt on British Columbia realtor raises question of supply chain attack

A real estate agency in British Columbia is investigating a ransomware attack that the owner says was caught before serious damage was done. But the incident raises the question of whether the attack came through the infection of a third party’s application.

Jerry Redman, owner and managing director of ReMax Kelowna, which has four offices in the city of 132,000, said in an interview Friday afternoon that fortunately, the attack happened at the same time as IT staff were overseeing a software update. The ransomware wasn’t launched, although some files were copied.

“We were on it within minutes of knowing it started, and that’s why [the attackers] don’t have much,” he said.

While a forensic investigation is still ongoing, so far Redman believes the only data attackers were able to copy was what he called “non-personal company data.” This includes “graphic design stuff that the company does for people.”

On Wednesday, the Conti ransomware group’s website listed ReMax Kelowna as one of its victims and included the names of 15 files it allegedly copied as proof of the attack.

Redman said he didn’t know that files had apparently been copied in the incident until a reporter called him on Thursday.

“We had the attack shut down so fast we didn’t believe they got anything. We got no ransomware request from [attackers], our system never got locked down from them, but they obviously got a little bit of data.

“They never got the ransomware launched on our server… but they got a small data set. Luckily, it’s not a server that hosts a ton of stuff outside our company stuff. All of our other stuff is on different servers with different companies that do our software now. We moved it all about a year and a half ago.”

Where did it come from?

Asked if he knows how the attack was launched, Redman didn’t have answers. “Not a clue. The only thing we can think of at this point is we were doing a software upgrade from a major company and it started to happen about the exact same time.”

Redman said he wasn’t sure if that upgrade was infected. “I don’t want to speculate, but that’s literally what we were doing when it happened, and that’s why we were able to shut it down so quick because my IT guys were here.”

The company got lucky, he added.

“Because I know somebody who was hit about a year ago and it cost them $4 million,” he said, referencing a business from a different industry, not in Kelowna.

Redman noted he doubts his firm was targeted.

Ransomware attacks through third-party software or supply chains are rare. Usually, attacks are initially launched through phishing and spear phishing. Exploitation of remote access software vulnerabilities, infected pirated software, drive-by downloads from infected websites and infected removable media are also known to be used.

In an email, Brett Callow, a threat researcher for security firm Emsisoft, said supply chain attacks can enable attackers to gain an initial foothold. “But, I’ve never heard of such an attack being used to speedily exfiltrate data prior to deploying ransomware,” he wrote.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
