Though there have been no official public updates from Rapattoni—the beleaguered MLS software provider which last week suffered a ransomware attack—agents who have been locked out of their MLSs for almost a week may have services restored in the next couple days, though details are still foggy.
In an update posted to their website last Friday, the Bakersfield Association of REALTORS® (BAR) in California claimed that Rapattoni “successfully restored the MLS database” and was “expected” to go live by today, depending on internal testing over the weekend.
A separate update shared this morning by the the San Francisco Association of REALTORS® (SFAR), another affected MLS, wrote that Rapattoni “has completed restoring your data through Sunday, August 5” and that SFAR’s systems should be online “within DAYS (not weeks).”
Last Friday, SFAR President Damon Knox said in a video message that Rapattoni had decrypted locked-out files and tried to create a new MLS on new servers using backups, but that effort had failed. It was not clear when or how the company had apparently succeeded in restoring services.
A message sent to Rapattoni CEO Niki Rapattoni seeking further details was not immediately returned. Representatives from SFAR and BAR did not immediately respond to messages seeking more information.
Even with these positive developments, which would seem to indicate Rapattoni has resolved the ransomware attack, the fact that a cyber intrusion could prevent thousands of agents from doing their jobs for more than a week has raised plenty of concerns in the MLS industry. As a large number of MLSs depend mostly on third-party tech infrastructure, agents are asking if more needs to be done for the safety and security of these systems.
Tim Dain is the CEO of NorthstarMLS, which serves nearly 15,000 members across Minnesota and Wisconsin. While Northstar was not affected by the attack, Dain says this is the right time to talk about the ways MLSs are prepared—or not prepared—for security threats.
“(Data security) is a rather dull and boring subject that people don’t read about until something like this happens,” Dain says.
Days after the attack, Northstar signed up for a new service provided by Real Estate Webmasters (REW), called MLS Backup, which harnesses the company’s Global MLS infrastructure to provide data redundancy in case service is interrupted.
REW CEO Morgan Carey tells RISMedia via email that the MLS Backup was a “lightning fast pivot” to meet security needs for the industry following the ransomware attack.
“This is hopefully the solution they never need to use!” he says. “It’s an insurance policy that makes sure even if they go down (due to a hack, a catastrophic technology failure or a rogue employee who locks them out), that they have a backup option.”
Hack and slash
Data security is a very costly and complex proposition for an MLS, regardless of size. Dain says that while Northstar already had multiple layers of security and redundancies in place, adding MLS Backup was still very worthwhile.
“So we’re (already) doing live 30-minute backups to a sort of hot swap server. So if we were in the same situation, I’d like to think we’re in a better position than the overwhelming majority of MLSs,” Dain explains. “What (Carey) has added is something that’s completely disconnected from our environment…so if we were to somehow be compromised over here, it’s highly unlikely he would have the same compromising position.”
Northstar’s systems were extensive and powerful enough that national brokerage eXp was able to work with the MLS to help 4,000 affected agents input and access listings on eXp’s own site as well as Zillow, according to an eXp spokesperson.
With how much disruption this attack has caused, Carey says that the need for the MLS Backup service was “painfully obvious” to him as the chaos unfolded. In a separate blog post, he described how MLSs historically have rarely or ever had access to a commercial backup service.
“The technology has been reliable enough that there has never been a need. It would also be a tough sell to an industry not known for spending money on technology,” Carey wrote.
Dain agrees, saying he knows smaller MLSs (who make up an outsized number of those affected by the Rapattoni attack) simply cannot afford to build their own databases and redundancies the way Northstar does. But the possibility of spending 10 days (and counting) using email blasts, social media and spreadsheets to track and market listings should give anyone pause, he says.
“It could become part of the discussion on why some MLSs might want to consolidate into larger regionals, but that’s not a cheap proposition,” Dain says. “Could some of the larger ones pivot? They could, and maybe they should, but I don’t think the smaller ones can afford to build their own tech the way we do.”
He adds that larger MLS providers like CoreLogic have begun emphasizing security in the last few days, providing greater clarity on their plans to stop or recover from a cyberattack. But the core problem remains that if those third-party providers are compromised, MLSs without their own backups can do very little.
With all of its back-end software built in-house, Northstar is theoretically prepared for the kind of devastating attack that hit Rapattoni, with extensive disaster recovery plans. For those who still have to rely on third-party service providers, though, something like MLS Backup, which promises to at least allow members basic functionality even in the case of major outages or cyberattacks (Carey also cites the possibility of a “rogue employee” taking down systems) could make a huge difference.
“With a phone call, (Carey) could spin up a way for agents to continue to maintain listings in his environment, so they could do price changes, status changes, things like that,” says Dain. “And then he’s working on sort of a distribution network to update those listings on realtor.com® or other brokerage websites like Zillow or Redfin or wherever else.”
CRMLS, which was also not affected by the hack, has temporarily allowed California agents affected by the hack to use their systems, which also go out on the big national portals. Other MLSs have offered guidance to members on using neighboring MLSs, portals or other third-party services, but that guidance was often scattershot and changing day-to-day, with some decrying a lack of communication from Rapattoni.
Communication overall has become a huge issue during the ongoing outage, as agents and brokers simply trying to do business are clamoring for any sort of update from their MLS staff—an issue that is inherent to the territory.
Dain says that during a cyberattack, both legal counsel and law enforcement are likely going to strongly advise against communicating too much publicly. And Northstar’s technology staff have advised against offering too much detail about systems and plans for fear of tipping off potential attackers regarding vulnerability, making it harder to assuage fears by members or letting them know what to expect during an outage.
Northstar is currently reviewing its plans, which cover events from terrorist attacks to pandemics, and updating members on new supports like MLS Backup. While it can be hard to test many of these scenarios, Dain emphasizes the importance of revisiting and walking through as much as possible.
“It’s more about assuring everybody that we do have a plan in place and we have multiple failovers that can be enacted if and when they need to be,” Dain says.