Mortgage Software Solutions Blog

Petya: A New Ransomware Threat


Ransomware is a growing threat to computers and to the businesses and individuals that use them. This kind of malware encrypts the contents of a drive, making it useless to the owner. To get it decrypted, the user must send payment through an anonymous channel to the extortionist, who will then (if you're lucky) send you a decryption key that will restore your files.

Understanding Petya

Petya is a recent and especially nasty form of ransomware that encrypts not your documents but the underlying Windows file system, making it impossible even to boot your computer. The payment process is cumbersome and error-prone. The good news is that it's possible, though difficult, to recover the files.

So far, this attack has taken the form of supposed job applications emailed to employers. The email asks the recipient to download a file from Dropbox that supposedly contains a resume. It's actually an executable file that does the dirty work. Dropbox has removed this file, but we can expect the perpetrators to put it up somewhere else in the near future.

When it runs, it overwrites the boot loader—the code that your computer executes when you first turn it on. Then, it crashes the computer, displaying only the "Blue Screen of Death." At this point your file structure is still intact, but it isn't safe to reboot.

If you reboot, you'll see text on your screen that impersonates the CHKDSK system software that verifies the disk. What it’s actually doing is encrypting the computer's Master File Table. When it's done, it will display a red skull made of text characters and then a politely phrased demand for payment.

Since your computer is now useless, you have to go to another computer to carry out the instructions. You have to send a payment, most often in Bitcoin, to retrieve the decryption key. Then you have to type it, by hand, on your own machine; it's very long and difficult to copy without mistakes.

How are Mortgage Firms Affected?

Mortgage companies and similar institutions are especially vulnerable to this type of attack because they get a lot of email that falls into generic categories, such as job applications, loan applications, and follow-ups, and they also retain and receive a lot of extremely private and valuable information.

How Can You Protect Your Business?

Fortunately, your mortgage business can take certain measures to avoid being hit. First, if you get a file or a download link emailed to you, check what kind it is. PDF and text files are reasonably safe to open, but you should never double-click an executable file unless you have a really good reason to run it. This applies even to files that may appear to come from people you know and trust.
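One way to check what kind of file an attachment really is, as an added Python example (not part of the original post): it looks at the file's content rather than its name, recognizing a Windows executable by its `MZ` header and `PE` signature. The list of harmless-looking extensions, the function names and the sample bytes are assumptions constructed for this illustration.

```python
import struct

# Extensions a recipient tends to trust (assumed list for this example).
SAFE_LOOKING = {".pdf", ".txt", ".doc", ".docx", ".jpg"}

def is_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(filename, data):
    """Compare what the name claims with what the first bytes say."""
    parts = filename.lower().rstrip(". ").split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if is_pe(data):
        if ext in SAFE_LOOKING:
            return "executable disguised by extension"
        if len(parts) > 2 and "." + parts[-2] in SAFE_LOOKING:
            return "executable with double extension"
        return "executable"
    if ext == ".pdf" and not data.startswith(b"%PDF-"):
        return "content does not match .pdf"
    return "content matches"

def sample_pe():
    """Constructed 68-byte stub carrying only the two signatures checked above."""
    data = bytearray(0x44)
    data[:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x40)
    data[0x40:0x44] = b"PE\x00\x00"
    return bytes(data)

if __name__ == "__main__":
    for name, body in [("resume.pdf.exe", sample_pe()),
                       ("resume.pdf", sample_pe()),
                       ("resume.pdf", b"%PDF-1.4\n")]:
        print(name, "->", classify(name, body))
```
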

If you have second thoughts after double-clicking and your computer immediately crashes, do not reboot it. Have it checked remotely by an IT security professional.

If you reboot after that sequence of events and it appears to be running CHKDSK, pull the plug. That's almost never good advice, but this is one of those rare occasions when it's the right thing to do.

Petya encrypts the Master File Table, which tells the computer where all the files are, but doesn't touch the actual content of the files. It's as if someone went through your library, tearing every page out of your books, erasing the page numbers, and scattering them randomly on the floor. All the information is still there; you just don't have any good way to get at it. A good disk recovery service may be able to reconstruct your files. It will still cost money, but at least you won't be helping to finance extortion.
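What "the index is gone but the pages are still there" looks like on disk, as an added Python example (not part of the original post): it follows the MBR partition table and the NTFS boot sector to the first Master File Table record, tests for its `FILE` signature, and then searches the raw image for a file-content signature. It assumes the partition table and NTFS boot sector are still readable; the 16-sector image and all function names are constructed for this illustration.

```python
import struct

SECTOR = 512

def ntfs_partition_starts(image):
    """Start LBAs of MBR partition entries with type 0x07 (NTFS)."""
    if image[510:512] != b"\x55\xaa":
        return []
    starts = []
    for i in range(4):
        entry = image[446 + 16 * i: 462 + 16 * i]
        lba = struct.unpack_from("<I", entry, 8)[0]
        if entry[4] == 0x07 and lba:
            starts.append(lba)
    return starts

def mft_status(image, part_lba):
    """Follow the NTFS boot sector to the MFT and test its first record."""
    base = part_lba * SECTOR
    vbr = image[base:base + SECTOR]
    if vbr[3:11] != b"NTFS    ":
        return "no NTFS boot sector"
    bps, spc = struct.unpack_from("<HB", vbr, 11)   # bytes/sector, sectors/cluster
    mft_lcn = struct.unpack_from("<Q", vbr, 48)[0]  # first MFT cluster
    off = base + mft_lcn * spc * bps
    return "MFT readable" if image[off:off + 4] == b"FILE" else "MFT unreadable"

def carve(image, magic):
    """Offsets where a file-content signature still appears in the raw image."""
    hits, pos = [], image.find(magic)
    while pos != -1:
        hits.append(pos)
        pos = image.find(magic, pos + 1)
    return hits

def build_sample(mft_readable):
    """Constructed 16-sector image: MBR, NTFS volume at LBA 2, one PDF header."""
    img = bytearray(16 * SECTOR)
    img[446 + 4] = 0x07                               # partition type: NTFS
    struct.pack_into("<I", img, 446 + 8, 2)           # partition starts at LBA 2
    img[510:512] = b"\x55\xaa"
    vbr = 2 * SECTOR
    img[vbr + 3:vbr + 11] = b"NTFS    "
    struct.pack_into("<HB", img, vbr + 11, SECTOR, 1)
    struct.pack_into("<Q", img, vbr + 48, 4)          # MFT at cluster 4
    mft = vbr + 4 * SECTOR
    img[mft:mft + 4] = b"FILE" if mft_readable else b"\x9c\x11\xe0\x7a"
    img[10 * SECTOR:10 * SECTOR + 5] = b"%PDF-"       # file content cluster
    return bytes(img)
```

On the sample with the unreadable MFT record, `carve` still finds the PDF header at its original offset, which is the situation a disk recovery service works from.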

Antivirus software companies are just now catching up with Petya, but we know that it’s only a matter of time before other viruses and security threats evolve. Keeping the protection on your computer up to date will help to stop these threats.

Using Access Business Technologies’ managed mortgage security solutions will protect you from new and existing threats. In particular, DocumentGuardian™ provides a secure way to send sensitive documents, scanning them for malware and rejecting anything that is infected. Access Business Technologies vigilantly monitors several sources for new spyware, ransomware, and other forms of intrusion, to help you stay ahead of cyber criminals. For more information about our services, please contact us.


The Northern State BIA Home Tour

The North State Building Industry Association (BIA) is hosting a home tour. This home tour brings together some of Sacramento's best home builders to give a fun and interactive tour of model homes in the region. The Sacramento Tri-County area is considered to be in an industry shortage; however, there are currently 130 developments, building a total of 11,000 units. These should be finished by the end of 2016 and are not featured on Metro List.

The North State BIA is the leading advocate for the home building industry in the greater Sacramento region. Representing over 500 members, including 35,000 industry jobs, the BIA is committed to preserving and furthering the economic interests of its members, while also working to enhance the industry's standing as a significant contributor to the regional economy.

Home Tour Dates: July 14th-17th


What Mortgage Companies Should Know About Ransomware


The scourge of ransomware is a growing threat to both individuals and companies around the world. This malicious type of software (or "malware") is perhaps one of the most damaging and pernicious around, and it poses a particular threat to mortgage companies and credit unions.

What is Ransomware?

Ransomware is a type of malware that, once unknowingly installed on a computer or device, restricts the user’s access to the infected system until they pay a ransom to the hackers to remove it. Because the data being held for ransom is often of great importance, and there is very little that law enforcement or even trained IT personnel can do once the ransomware has been installed, many victims simply choose to pay it.

How are Ransomware Attacks Made?

Ransomware often infiltrates a system not through an obvious corporate blunder but through ordinary human error. Usually, the ransomware arrives in an email with a fake link, called a "Trojan" because it masks its true intention to attack your system. The Trojan link may look like an innocent connection to an interesting news article or important data. The email may even appear to be from law enforcement or a government agency, tricking users by claiming they’re being audited or they’ve engaged in a crime, such as pornography or media piracy.

In reality, these Trojan links contain the instructions to download and install ransomware onto the computer. Once the user clicks the link, it connects with the hidden server and the malware is automatically downloaded onto the computer. After the software is downloaded, the computer is completely frozen, except for a few basic operations like the mouse and the keyboard. The software typically works by setting the Windows Shell to itself or even modifying the master boot record.

Once infected, all of the files are hidden and the main programs won't run. The computer is essentially useless. The next step is where the term ransom truly comes from, because a screen pops up threatening to destroy or expose all of the files unless a payment (usually in bitcoin, a wire transfer, or Western Union payment) is made within a certain period of time.

How to Protect Your Mortgage Business Against Ransomware?

Because ransomware has proven frighteningly effective, hackers around the world, especially from Russia, are perpetrating this crime more now than ever before. This means it is becoming increasingly imperative that mortgage companies protect themselves from these threats.  

Access Business Technologies (ABT) is a leading provider of security software, specifically tailored toward the mortgage industry. Our focus on this industry gives us special insight into the needs and issues that financial firms have. We are especially aware of the ransomware risks mortgage companies face and have created active defenses against them.

For that reason, ABT has created DeviceGuardian. This innovative tool is easily installed on any existing or new devices, in order to protect your entire organization from increasingly pervasive security threats. DeviceGuardian allows ABT to securely manage all of your mortgage software, data, and users, without driving up operating expenses. At the same time, it improves efficiency by reducing the need for administrators to keep such a watchful eye over every device in your network.

The system proactively monitors all of the emails, documents, and messages entering your system for malicious links or software. If one is spotted, it automatically alerts the user. Known ransomware is also blocked from downloading onto the network. In addition, DeviceGuardian™ ensures that all devices in your network are compliant with Consumer Financial Protection Bureau (CFPB) regulations, so you are covered in the event of an audit.

For more information, please contact us. Our expert consultants will discuss your specific needs and recommend the best and most comprehensive security solutions for your mortgage firm. Don’t let yourself or your mortgage brokers fall victim to a ransomware attack. Protect yourself today.
