February, 2020

Inspection News and Views from the American Society of Home Inspectors


A Home Inspector’s Tutorial on Malware

RICK BUNZEL

Imagine you start your computer one morning and you see the screen pictured on this page. Nothing you do gets you back to your desktop. You’ve just become another victim of malware, and the clock on the screen is like a ticking time bomb waiting to destroy all your files. Do you pay the ransom or call for a repair tech? Both are tough choices. 

The internet is a lawless place. It has been said that if you connect an unprotected personal computer (PC) to the internet, it will become infected within hours. 



I never thought when we first started our inspection business 17 years ago that a cybercriminal could take over our computers and hold them hostage, but since then, the chances of a small business like ours getting hit by a phishing or malware attack have grown exponentially. This was confirmed by a cybersecurity survey (https://www.keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf) conducted by the Ponemon Institute in 2018. The survey involved 1,045 small and medium-sized businesses in the United States and the United Kingdom.

Here are some of the findings: 



Ransomware has been making the mainstream news in the last few years. In 2017, Russia launched the WannaCry attack targeting Ukraine, but the cyberattack went worldwide. In all, it attacked over 200,000 computers in 150 countries. WannaCry is a ransomware cryptoworm (https://en.wikipedia.org/wiki/WannaCry_ransomware_attack). In the initial attack, those who paid the ransom did not actually get their files back, suggesting there were other objectives of the cyberattack.

This was just the start. In 2019, it was reported that 621 government agencies, healthcare providers and schools experienced ransomware attacks in the first nine months of the year. At the time this article was written, city officials in New Orleans declared a state of emergency as the city services were attacked. At this point, it is unclear what the damage is, but many city services were taken offline.

Cyberattack reports do not include the thousands of small businesses and individuals who are not obligated to report attacks. 



Why is this happening? 

Cybercriminals can make thousands of dollars without leaving their bedrooms, and they can be anywhere with an internet connection. They operate on the dark web, and their crimes are difficult to prosecute. A cybercriminal can rent a botnet and a mail list for a few hundred dollars and send out thousands of emails that appear to be realistic. Once a person opens the mail and payload, the attack begins. The cryptoworm does the dirty work, which may include hijacking your mail account and emailing everyone on it the same ransomware. It might also look for other computers on your network and infect those before it encrypts all your files.

For cybercriminals, even if they get a 2% response rate, they can make a good living. There are many variations of malware, but most want the same thing: to get money from you. The most common types of ransomware reported in the past year are Bitpaymer and Ryuk, which use a Trojan horse, such as Trickbot or Emotet, to infiltrate their victim’s system. (See page 14 for more information about phishing and Trojan horses.) An emerging ransomware strain called Sodinokibi specifically targets its victims and demands larger than average ransoms.

There are tools to decrypt your files, but the truth is that, most of the time, organizations that have been infected by malware will pay the “ransom” to have it fixed. Sometimes they will get their files back, but other times, they never hear from the cybercriminals after they have paid.

To avoid being a cybervictim, follow these steps:

There is always a range of challenges facing any home inspection business. We all have experienced computer issues, but just imagine if all your office data were being held hostage. The best way for businesses to protect against these threats is to have a plan and a comprehensive set of security tools in place and to beware of “symptoms” that suggest an attack may be occurring on your computer. It is also good to identify a computer expert to call if you feel like the situation is out of control.

Phishing… Trojan Horses… What are these and what if they come for me?

Phishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. (Source: Google dictionary)

Trojan: A Trojan horse, or “Trojan,” is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. (Source: Norton, https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html)



How to know if your email is a phishing attack

I received a phishing email while I was writing this article. The message said it was from FedEx, and it invited me to click on the attachment to get shipping information. Because my office staff frequently orders items from Amazon, receiving packages from FedEx seemed normal. However, we usually get a delivery notice on our door, and most items do not require a signature. This alerted me that this could be a phishing attempt.   

Here’s how to determine if an email is “phishing”:

If in doubt, call the company or person that has emailed you. Have them verify all the information to be sure they actually sent it to you.



Rick Bunzel is the principal inspector with Pacific Crest Inspections and an ASHI Certified Inspector. He holds a BA in Business Marketing, and in the past, he chaired the marketing and public relations committees for a national home inspection organization. Locally, he is an active member with the North Puget Sound Board of Realtors and has been a firefighter for 42 years. Visit his website at http://www.paccrestinspections.com.