MetroList, the largest multiple listing service in Northern California, was hit by a cyberattack this week, leaving its more than 20,000 agent and broker subscribers without a fully functioning MLS for a day and a half and counting.
MetroList informed its customers of the attack yesterday afternoon via its Facebook page.
“Unfortunately, MetroList has become a victim of a Cyber-attack [sic]. Our entire MetroList team has been working nonstop to restore all services to our users,” the MLS wrote.
“This is a needless inconvenience for the thousands of hard working real estate professionals who depend on the MLS to conduct their business and maintain their livelihood.”
This morning, MetroList let its users know that the system had been restored as of 2 a.m. Pacific, but then said that there were still issues impacting the system and that there may be periodic outages.
In an emailed statement to Inman, MetroList said:
“On June 11th at 12:30 am the Prospector MLS system was hit by a cyber-attack. Upon learning about the cyber-attack, MetroList implemented its crisis communications program and began the start of its disaster data recovery plan.
Throughout the day and night, the MetroList team worked diligently, at a fast pace, to recover and restore the data. Over the continuing course of the restore process, the Prospector MLS system may periodically go offline while other systems are also being restored.
We sincerely apologize for any inconvenience this may have caused, but please know that our team is working tirelessly to minimize system downtime.”
In a separate statement posted on the MetroList login page, the MLS said photos from existing listings may take 12 to 24 hours to restore and urged agents to check the accuracy of their listings.
That statement also said, “At this time there is no indication that any data was compromised. We are working with a forensic security firm to ensure the continuing safety of the data.”
Saul Klein, co-founder of real estate network RealTown, told Inman that MetroList was hit by ransomware and paid $10,000 in bitcoin to free itself. He declined to disclose his source to Inman, but said the source was not someone from MetroList or someone with direct knowledge of the attack.
Klein posted about the incident on his Facebook page this morning without naming the MLS.
MetroList did not respond to Inman’s questions regarding whether the cyberattack was ransomware, whether the ransom was paid, whether any data was lost or otherwise affected by the attack and whether the attack had anything to do MetroList self-hosting its MLS system. Most MLSs have their systems hosted by their MLS vendors in the cloud.
MetroList also did not respond to questions regarding what security measures it had in place before the attack and whether they will now change.
On Klein’s Facebook post, Matt Cohen, a technology consultant who advises MLSs on security issues, said he would keep pushing for MLSs to be proactive about security measures.
“Many only get interested after they are affected,” he wrote.
He recommended deploying top antivirus software such as Sophos, firewall blocking bad reputation websites or only allowing certain websites, anti-phishing training for employees, and having well-tested multigenerational backups, among other steps MLSs can take to handle ransomware threats.
Klein noted that ransomware attacks are becoming “pretty prevalent.” The city of Baltimore was hit with a ransomware attack last month that it still has not fully recovered from and cost the city $18 million. Hackers demanded $76,000 in bitcoin to unlock the city’s computers, but the mayor refused to pay, according to The Baltimore Sun.
How do you stay ahead in a changing market? Inman Connect Las Vegas — featuring 250+ experts from across the industry sharing insight and tactics to navigate threat and seize opportunity in tomorrow’s real estate market. Join more than 4,000 top producers, brokers and industry leaders to network and discover what’s next, July 23-26 at the Aria Resort. Hurry! Tickets are going fast, register today!
Thinking of bringing your team? There are special onsite perks and discounts when you buy tickets together. Contact us to find out more.