February, 2020
Feature
Inspection News and Views from the American Society of Home Inspectors



A Home Inspector’s Tutorial on Malware

RICK BUNZEL

Imagine you start your computer one morning and you see the screen pictured on this page. Nothing you do gets you back to your desktop. You’ve just become another victim of malware, and the clock on the screen is like a ticking time bomb waiting to destroy all your files. Do you pay the ransom or call for a repair tech? Both are tough choices. 

The internet is a lawless place. It has been said that if you connect an unprotected personal computer (PC) to the internet, it will become infected within hours. 



I never thought when we first started our inspection business 17 years ago that a cybercriminal could take over our computers and hold them hostage, but since then, the chances of a small business like ours getting hit by a phishing or malware attack have grown exponentially. This was confirmed by a cybersecurity survey (https://www.keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf) conducted by the Ponemon Institute in 2018. The survey involved 1,045 small and medium-sized businesses in the United States and the United Kingdom.

Here are some of the findings: 

  • Sixty-seven percent of respondents suffered a cyberattack in 2018 (compared with 61% the previous year).
  • Sixty percent of survey respondents who reported a data breach said the cause was a negligent employee or independent contractor.
  • A significant majority of respondents experienced an exploit or malware that evaded their company’s intrusion detection or antivirus software.
  • Mobile devices were the most vulnerable entry points to companies’ computer networks.



Ransomware has been making the mainstream news in the last few years. In 2017, Russia launched the WannaCry attack targeting the Ukraine, but the cyberattack went worldwide. In all, it attacked over 200,000 computers in 150 countries. WannaCry is a ransomware cryptoworm (https://en.wikipedia.org/wiki/WannaCry_ransomware_attack). In the initial attack, those who paid the ransom did not actually get their files back, suggesting there were other objectives of the cyberattack.

This was just the start. In 2019, it was reported that 621 government agencies, healthcare providers and schools experienced ransomware attacks in the first nine months of the year. At the time of the writing of this article, city officials in New Orleans declared a state of emergency as the city services were attacked. At this point, it is unclear what the damage is, but many city services were taken offline. 

Cyberattack reports do not include the thousands of small businesses and individuals who are not obligated to report attacks. 



Why is this happening? 

Cybercriminals can make thousands of dollars without leaving their bedrooms, and they can be anywhere with an internet connection. They operate in the dark web, and their crimes are difficult to prosecute. A cybercriminal can rent a botnet and a mail list for a few hundred dollars and send out thousands of emails that appear to be realistic. Once a person opens the mail and payload, the attack begins. The cryptoworm does the dirty work, which may include hijacking your mail account and emailing everyone on it the same ransomware. It might also look for other computers on your network and infect those before it encrypts all your files. 

For cybercriminals, even if they get a 2% response rate, they can make a good living. There are many variations of malware, but most want the same thing: to get money from you. The most common types of ransomware reported in the past year are Bitpaymer and Ryuk, which use a Trojan horse, such as Trickbot or Emotet, to infiltrate their victim’s system. (See page 14 for more information about phishing and Trojan horses.) An emerging ransomware strain called Sodinokibi specifically targets its victims and demands larger than average ransoms.

There are tools to decrypt your files, but the truth is that, most of the time, organizations that have been infected by malware will pay the “ransom” to have it fixed. Sometimes they will get their files back, but other times, they never hear from the cybercriminals after they have paid.

To avoid being a cybervictim, follow these steps:

  • Be aware. Awareness of the problem is the first step. As business owners, home inspectors should maintain good habits when using technology. Don’t assume that having a small business makes you less likely to be a victim. 
  • Install a top-rated AntiVirus or AntiMalware program. There are a number of good products. Just go to your browser and type in “best malware software 2020.” Do some research and make a choice. I chose to use BitDefender, but Kaspersky and Webroot were also highly rated. If you are uncertain, ask an expert.
  • Protect all your devices that connect to your network and the internet. We used to feel like our tablets and phones were immune to viruses and malware, but today, those devices are merely a bridge for cybercriminals to get to your network.
  • Keep your operating system and applications updated. Cyberattacks look for vulnerabilities in old or outdated software that they can capitalize on, so make sure you install updates as soon as they become available, since those updates can close security holes that may have been exposed.
  • Use offline or cloud backup. Malware will attack anything it can get to. If you back up your computer to a USB hard drive and you leave it plugged in, the malware will attack it. If you leave your backup hard drive disconnected, however, the malware cannot get to it unless you plug it into an infected machine. Cloud backup is very popular, and we use it in our office. Every night, the cloud system backs up all of our storage devices. Make sure you know how to restore your files.
  • Avoid clicking on unknown links. Educate everyone on your network. Whether information comes to you via email, a social networking site or a text message, be sure that if a link seems unfamiliar, you and your colleagues and employees stay away from it. This especially goes for links that come from sources you don’t know or recognize.
  • Be alert. Cybercriminals depend on inattentiveness. If you or someone in the office gets an unsolicited email, be suspicious—especially if the message includes an attachment. If your computers, tablets or phones start acting strange, disconnect them from the internet and run scanning software. I run Spybot Search and Destroy as well as MalwareBytes. Both of these programs are free and update their virus or malware definitions on a daily basis. The different services that these programs offer give me peace of mind that they might catch something that my core antivirus software doesn’t catch.

There is always a range of challenges facing any home inspection business. We all have experienced computer issues, but just imagine if all your office data were being held hostage. The best way for businesses to protect against these threats is to have a plan and a comprehensive set of security tools in place and to beware of “symptoms” that suggest an attack may be occurring on your computer. It is also good to identify a computer expert to call if you feel like the situation is out of control.

Phishing… Trojan Horses… What are these and what if they come for me?

Phishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. (Source: Google dictionary)

Trojan: A Trojan horse, or “Trojan,” is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. (Source: Norton, https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html)



How to know if your email is a phishing attack

I received a phishing email while I was writing this article. The message said it was from FedEx, and it invited me to click on the attachment to get shipping information. Because my office staff frequently orders items from Amazon, receiving packages from FedEx seemed normal. However, we usually get a delivery notice on our door, and most items do not require a signature. This alerted me that this could be a phishing attempt.   

Here’s how to determine if an email is “phishing”:

  • The email is unexpected. It could be from a former client, real estate agent or a corporation. In the example of the FedEx message, we were not expecting a package that would require a signature. 
  • The email address does not include an appropriate domain. This email did not have a FedEx domain. Instead, it says, “mychoice.com,” which is an unknown domain. Because even this kind of thing can be spoofed in most email programs, you can look at the complete header and see the actual email server.
  • The email asks you to take immediate action. We have had emails that say they are from Visa and that our account is locked. They request information to unlock the account. Just clicking on the link will load a Trojan horse onto your computer.
  • There are errors in the message. Before spell check, infected messages would often contain misspelled words, but today it is more likely to be a grammar issue. We have also seen incorrect dates.
  • There is an attachment. Resist the temptation. Trojan horses or viruses can be in a picture, Word document or a Java file.

If in doubt, call the company or person that has emailed you. Have them verify all the information to be sure they actually sent it to you.
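
The header check from the list above, as an added example that is not part of the original article: a short Python script that reads the full headers of a constructed sample message modelled on the FedEx email and lists the warning signs. The expected domain fedex.com, the example.net and inspector.example hosts, the address 203.0.113.25 and the attachment name are assumptions made for the illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
# Constructed sample modelled on the FedEx message described above (not a real email).
SAMPLE = """\
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
 by mx.inspector.example with ESMTP; Mon, 16 Dec 2019 08:14:02 -0800
Authentication-Results: mx.inspector.example; spf=fail; dkim=none
From: "FedEx Delivery" <tracking@mychoice.com>
Subject: Action required: signature needed
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached form to schedule delivery.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="delivery_form.doc"

constructed placeholder
--b1--
"""

def in_domain(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def header_signals(raw, expected_domain):
    """Return warning strings for a message that claims to come from expected_domain."""
    msg = message_from_string(raw, policy=policy.default)
    signals = []
    from_dom = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not in_domain(from_dom, expected_domain):
        signals.append(f"From address uses {from_dom}, not {expected_domain}")
    # The top Received line is written by your own mail server and names the host that delivered.
    relay = re.search(r"from\s+(\S+)", str(msg.get_all("Received", [""])[0]))
    if relay and not in_domain(relay.group(1), expected_domain):
        signals.append(f"Handed over by {relay.group(1)}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    signals += [f"{c} did not pass" for c in ("spf", "dkim") if f"{c}=pass" not in auth]
    names = [p.get_filename() for p in msg.iter_attachments()]
    if names:
        signals.append("Attachment: " + ", ".join(n or "unnamed" for n in names))
    return signals

if __name__ == "__main__":
    print("\n".join(header_signals(SAMPLE, "fedex.com")))
```

Most mail programs can show or save the full message source ("view source" or "show original"), which is the text a script like this reads.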



Rick Bunzel is the principal inspector with Pacific Crest Inspections and an ASHI Certified Inspector. He holds a BA in Business Marketing, and in the past, he chaired the marketing and public relations committees for a national home inspection organization. Locally, he is an active member with the North Puget Sound Board of Realtors and has been a firefighter for 42 years. Visit his website at http://www.paccrestinspections.com.