Rapattoni hit with ransomware attack, paralyzing MLSs and agents

Craig C. Rowe; Canva

Technology company Rapattoni suffered a ransomware attack Wednesday that paralyzed servers hosting multiple listing services with hundreds of thousands of members, including many still hamstrung by outages, Inman has learned.

Northwest Indiana Realtors Association, San Francisco Association of Realtors, BAREIS MLS, Pasadena Foothills Realtors, and CincyMLS were still struggling with outages as of Friday, according to Dave Woodson of Dream Team Agents and posts on MLS websites.

“No one can add or remove listings, update statuses and things such as that,” Woodson told Inman in an email. “I’m telling my clients the truth — they were hacked, they don’t have their information, but they have all mine.”

“I can’t update their home, but I’m doing all I can to get it resolved,” Woodson added. “[I’m] just trying to sell their home in a timely fashion. It’s hard to write an offer when you can’t access the property info all in one spot.”

Rapattoni’s MLS technical support line on Friday, August 11, offered a recorded message confirming the issue. As of this writing, the attack is also affecting the company’s website, which has become inaccessible.

On Saturday, August 12, Rapattoni posted the following message to its company Facebook page:

“We are continuing to investigate the nature and scope of the cyber-attack that has caused a system outage and we are working diligently to get systems restored as soon as possible. All technical resources at our disposal are continuing to work around the clock through the weekend until this matter is resolved. We still do not have an ETA at this time, but we will continue to update you and keep you informed of our efforts.”

Inman has contacted Rapattoni to confirm the total number of MLSs impacted and will update this post when the company responds.

The company’s client testimonial page for its Rapattoni MLS product cites a number of multiple listing services as customers, including Omaha Area Board of Realtors, Bakersfield Association of Realtors, St. Louis Realtors, South Tahoe Association of Realtors and Lynchburg Association of Realtors, among many others.

Ransomware is described by the federal Cybersecurity and Infrastructure Security Agency as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”

Woodson provided Inman with screenshots of a message describing the incident to users, which states that no new listing data provided by Rapattoni is accessible beyond August 9. The message to customers reads, in part:

“Federal authorities are involved with investigating the cyber-attack, and Rapattoni’s insurance company is currently negotiating with the ransomware individuals.”

“Since yesterday, Rapattoni has brought on 300 new servers to recreate the MLS ‘environment.’ Our MLS data was backed up to separate unaffected servers, so all of our historical information is safe. However, what was not backed up were each individual MLS system’s configurations. So, unless Rapattoni can come to an agreement with the cyber-attackers, it will take some time for them to recreate our setup. How much time exactly is currently unknown.”

One MLS, the San Francisco Association of Realtors, posted updates on its website as workers rush to resolve the issue. A post on Aug. 10 confirmed the issue hadn’t been resolved.

“While we recognize that listing inputs (and edits), broker tours and open houses are paramount, we have determined that the ability to add new listings and edit existing ones will not be restored today.”

Services unavailable to members of SFAR include the ability to make any changes to accounts or changes to information, new membership or termination processes and reinstatement for non-payment. The staff is unable to make any changes on behalf of members, as new listing entry or editing is impossible.

In an FAQ on SFAR’s site, the organization said it will suspend Clear Cooperation requirements as a work-around, allowing members to market new listings outside of the controversial policy’s 24-hour MLS input requirement.

Ryan Castle, CEO of Cape Cod & Islands Association of Realtors & MLS, said that Rapattoni’s Association Management System and its IdP (identity provider – a gateway for verifying a user’s identity) are also inaccessible.

“We have created work-arounds to keep the MLS and products available to our members. Those work-arounds were delayed in being created due to Rapattoni failing to communicate the severity of the issue in a timely manner,” Castle told Inman in an email.

Zillow, the industry’s largest source of real estate listings for consumers, is affected, too. In 2021, the portal changed the way it received listing data, going from thousands of fragmented MLS and broker sources to a straight IDX feed, like most typical brokerages.

“Zillow deployed a temporary solution to support our MLS partners who are affected and to help maintain listing accuracy for customers who are shopping on our site,” said a Zillow spokesperson in an email to Inman. “We are encouraging agents in the impacted areas to work with their MLS directly to have their listings manually updated on Zillow.”

A thread on r/Realtors on news aggregator and social media site Reddit is actively discussing the outage. One poster, SweetnessBaby, said they are using Zillow until the issue is resolved, and another, apparently an active seller going by bte_, said their agent recommended Zillow and doing a FSBO, or For Sale By Owner.

“I work in the software side of the industry (not for Rap), everyone knew about the outage right away but they just let slip today that an attack occurred in a notice to the associations using their tools. Aside from whole MLS’s going down there are dozens of areas unable to manage members or handle billing,” another poster, AshuraVonXacto, wrote.

This may not be Rapattoni’s first fight with data pirates, as a 2019 post on indicated MetroList, a Sacramento-based MLS, was impacted by an attack on its data provider.

Inman has contacted Rapattoni for additional information. This is a developing story.