Ransomware - Think Before You Click
Amy Fennell • December 27, 2017
By: Patricia B. McMurray, JD, Samuel L. Felker, JD, CIPP/US and Gina G. Greenwood, JD, CIPP/US, Baker, Donelson, Bearman, Caldwell & Berkowitz, PC
Over the past year, no information security concern has demanded more media and corporate attention than ransomware. The evolution of this threat from an ineffective nuisance to a sophisticated business model generating hundreds of millions of dollars for hackers has been impressive to say the least, and the number and frequency of attacks are on the rise. Petya, Bad Rabbit, WannaCry, CryptoLocker and other ransomware attacks have infiltrated many companies' IT systems.
WHAT IS RANSOMWARE?
Ransomware is a category of malware (malicious software) that disables the functionality of a computer in some way. After infecting a computer, the ransomware program displays a screen message that demands payment, usually in bitcoin (or other cryptocurrency) in order to avoid traceability. Sometimes the scammers add pressure by including a countdown clock and threatening to destroy data unless payment is made by the deadline. Ransomware has evolved over time, using various techniques to disable a computer, but the most recent iteration either locks the computer display, disallowing any access to programs, or actually encrypts and/or removes files. The malware, in effect, holds the computer captive and demands a monetary ransom. The hackers promise to provide the "key" to unlock the computer and restore functionality once payment is made.
Ransomware generally infects IT systems in much the same way as other types of malware. Commonly, the user clicks on an infected popup advertisement or on an infected link within an email and is directed to an infected website. To provide perspective about the scope of this problem, PhishMe recently reported that a staggering 93 percent of phishing emails were infected with ransomware in Q1 of 2016. With a simple click on a link or by opening an attachment, malware can enter the network, quickly infecting files and encrypting data.
If that isn't scary enough, ransomware hacking techniques are becoming more sophisticated and dangerous. According to Bill Dean, digital forensics expert and Senior Manager for LBMC Information Security, ransomware attacks often involve encrypting the entire system with an "unbreakable" code – including local user-created files, local system backups (volume shadow copies), network shares to which the infected user account has modify rights (often causing major devastation) and any locally attached USB drives. In addition, an undocumented "feature" of most current ransomware variants is that cloud-based storage is also at risk. Cloud storage solutions often synchronize the local user files to the cloud provider. Dean warns that if the ransomware encrypts the local files that are to be synchronized, and there are not multiple versions in the cloud, the cloud-synchronized files will also be encrypted.
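One way to keep encrypted files from overwriting good cloud copies is to check a folder before each synchronization and pause if many files have suddenly turned into high-entropy data. The following is an added example, not part of the original article; the thresholds, function names and sample files are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0
HALT_FRACTION = 0.5      # assumed policy: pause sync if half the files newly look encrypted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_folder(root: str, sample_bytes: int = 65536) -> dict:
    """Map each file's relative path to the entropy of its first sample_bytes."""
    scan = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                scan[os.path.relpath(path, root)] = shannon_entropy(fh.read(sample_bytes))
    return scan

def safe_to_sync(previous: dict, current: dict):
    """Return (ok, suspicious): files that were not high-entropy before but are now.

    Already-compressed files (zip, jpg) are high-entropy in both scans and are
    ignored; a renamed file is a new path, so its previous entropy counts as 0.
    """
    suspicious = sorted(
        path for path, entropy in current.items()
        if entropy >= ENTROPY_THRESHOLD and previous.get(path, 0.0) < ENTROPY_THRESHOLD
    )
    return len(suspicious) / max(len(current), 1) < HALT_FRACTION, suspicious

def demo():
    """Constructed sample: three text files, then two overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("lease.txt", "listing.txt", "notes.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("Closing documents for 12 Example Street\n" * 200)
        baseline = scan_folder(root)
        for name in ("lease.txt", "listing.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(os.urandom(8192))  # random bytes stand in for ciphertext
        return safe_to_sync(baseline, baseline), safe_to_sync(baseline, scan_folder(root))
```

A check like this complements, but does not replace, keeping multiple file versions with the cloud provider.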
WHAT IS THE FUTURE OF RANSOMWARE?
By performing a detailed analysis of ransomware samples, Dean and his colleagues have determined that these attacks are currently geographically focused on certain countries. Additionally, because price tolerance (and likelihood of payment) differs between countries, the ransom demanded will actually vary based on the location of the infected machine, with most ransomware attacks commanding relatively small amounts in ransom to encourage quick, no-fuss payment. Attackers also target the file types most likely to prompt payment. According to Dean, ransomware is getting highly sophisticated, with the ability to avoid detection and lie in wait, attack later, and extract and remove data – causing true data theft scenarios.
HOW TO DEFEND AGAINST RANSOMWARE ATTACKS
There are currently no "silver bullets" to prevent ransomware infections. Because attackers constantly change their attack signatures, conventional controls – such as anti-virus software – are not enough. However, there are preventative measures that organizations can take to build resilience against ransomware attacks. The FTC recommends:
Train and Educate Staff. Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
Use Good Cyber Hygiene. Practice good security by implementing basic cyber hygiene principles:
o Assess the computers and devices connected to networks to identify proactively the scope of potential exposure to malware.
o Identify technical measures that can mitigate risk, including endpoint security products, email authentication, intrusion prevention software and web browser protection.
o Implement procedures to keep security current.
o Update and patch third-party software to eliminate known vulnerabilities.
Create Backups. Back up your data early and often. Well-prepared organizations with reliable backup systems may be able to restore systems from those backups with minimal data loss or business interruption.
o Identify business-critical data in advance and establish regular and routine backups.
o Keep backups disconnected from your primary network so that you can rely on the backup in the event of an attack.
Plan Ahead. Prepare for an attack. Develop and test incident response and business continuity plans. We recommend your response plan detail attorneys, IT and forensic vendors and experienced law enforcement agents and their 24/7 cell phone numbers - and incorporate vendors approved by your cyber insurance policy.
Additionally, in the unfortunate event of a ransomware attack, we recommend that businesses formally assess the damage after an attack by conducting a forensic examination; however, companies should not allow the IT system or its logs to be wiped clean or otherwise modified. Your business will need to preserve the firewall, network and server logs as evidence of what happened. This is critical to being able to prove whether there was or was not a breach that requires reporting to consumers, the media and state/federal government. Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
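To show what preserving logs as evidence can look like in practice, the sketch below copies log files into an evidence folder, records a SHA-256 hash and collection time for each, and later reports any copy that has been changed or removed. It is an added example, not part of the original article; the function names, manifest layout and sample log line are assumptions.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preserve_logs(sources, evidence_dir: Path) -> list:
    """Copy each log into evidence_dir and record its hash in manifest.json."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for src in map(Path, sources):
        dest = evidence_dir / src.name  # assumes source file names are unique
        shutil.copy2(src, dest)  # copy2 also carries over the file timestamps
        entries.append({
            "source": str(src),
            "copy": dest.name,
            "sha256": sha256_file(dest),
            "collected_utc": datetime.now(timezone.utc).isoformat(),
        })
    (evidence_dir / "manifest.json").write_text(json.dumps(entries, indent=2))
    return entries

def verify_evidence(evidence_dir: Path) -> list:
    """Return copies that are missing or no longer match the manifest hash."""
    entries = json.loads((evidence_dir / "manifest.json").read_text())
    return [e["copy"] for e in entries
            if not (evidence_dir / e["copy"]).is_file()
            or sha256_file(evidence_dir / e["copy"]) != e["sha256"]]

def demo():
    """Constructed firewall log line; the copy is then edited to show detection."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "firewall.log"
        log.write_text("2017-12-01T10:00:00Z DENY tcp 192.0.2.10 -> 198.51.100.7:445\n")
        evidence = Path(tmp) / "evidence"
        preserve_logs([log], evidence)
        intact = verify_evidence(evidence)
        with open(evidence / "firewall.log", "a") as fh:
            fh.write("edited after collection\n")
        return intact, verify_evidence(evidence)
```

The manifest only proves integrity if it is itself protected, for example by storing a copy on write-once media or with counsel or the forensic vendor.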
For the detailed steps your organization can take to prepare for a ransomware attack, see Ransomware: What to Do When Your Files Are Held Hostage, developed by analysts at LBMC Information Security.
If you suspect you have been hacked or victimized by cybercriminals, you should immediately contact qualified counsel to assist in your investigation, resolution and in any required reporting to state or federal agencies such as the Consumer Protection Section of the Louisiana Attorney General, if the breach of the security of the computer systems includes personal data (see LA R.S. 51:3071 et seq).
