realestatebusiness logo
Home of the REB Top 100 Agents

Ransomware gang posts 30GB of data it claims belongs to a Victorian real estate group

By David Hollingworth
04 October 2023 | 11 minute read
Network Pacific Real Estate hack reb ojtug5

The Ragnar Locker gang is claiming to have breached Network Pacific Real Estate, following a failure in negotiations.

The group posted a trove of exfiltrated data – archived into a series of WinRAR files totalling 30.6 gigabytes – on 30 September. Alongside Network Pacific’s address and contact details, the hacking gang also added commentary on the state of negotiations with the Victorian estate agent.

“After a very long wait for a reaction from ‘Network Pacific Real Estate’ management, and attempts to convince management – that it is better to work together to fix the vulnerabilities and avoid leaks, we are forced to publish the entire data package,” a Ragnar Locker spokesperson said. “The ‘Network Pacific Real Estate’ management proved to be completely uninterested in protecting user data.”

“Unfortunately, saving money on security was much more important to the company, then [sic] protecting data and care about personal information they gathering and storing,” the hacking gang added.

“So now, according to our rules we are publishing the full data which were compromised during security research of the ‘Network Pacific Real Estate’.”

After that follows the same motto that Ragnar Locker shares on each of its leak posts: “Those organisations who [are] collecting and storing private data, should be in charge of it’s privacy.”

This seems to be trying to say – somewhat rightly – that organisations charged with protecting personally identifiable information should do more when it comes to the actual protecting part.

As of writing, Network Pacific has not published an advisory of any breach on its website, nor has it responded to requests for comment, both written and over the phone, from REB’s sister brand Cyber Security Connect, although Cyber Security Connect has been able to confirm the leak includes personal information belonging to Network Pacific employees.

What could be at stake?

Like many real estate agents, Network Pacific keeps a lot of customer information on file, and for some time. According to Network Pacific’s own privacy policy, it collects full contact details, as well as current and desired property information.

In addition, Network Pacific collects even more information from prospective renters, including driver’s licenses, employment and income information, and information from third-party information.

“Where reasonable and practicable to do so, we will collect your Personal Information only from you,” Network Pacific’s privacy policy reads. “However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.”

The company does not go into who such third parties are, however it does touch on the security of the personal information it collects.

“Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure,” Network Pacific says, before adding that it keeps such information for a “minimum of seven years”.

Who is Ragnar Locker?

The ransomware gang behind the apparent leak was first observed in April 2020 by the FBI, though in truth Ragnar Locker has been in operation since at least December 2019.

The gang is known to use brute force attacks to crack passwords and to purchase stolen credentials on the darknet. It then takes advantage of a known vulnerability – CVE-2017-0213 – to escalate its privileges and run its own custom ransomware.

In the past, Ragnar Locker has targeted gaming company Capcom and Energias de Portugal’s US operations in 2021. Other historical victims include the Campari Group and Dassault Falcon Jet, with more recent victims including Stratesys, Retail House and Citizen, just in September alone.

Ransomware gang posts 30GB of data it claims belongs to a Victorian real estate group
Network Pacific Real Estate hack reb ojtug5
lawyersweekly logo
You need to be a member to post comments. Become a member for free today!

Comments powered by CComment

Do you have an industry update?