Ransomware attackers hit major title industry cloud services provider Cloudstar, stopping an untold number of loans from closing on Monday.
The ramifications for the title and mortgage industry may extend beyond the immediately impacted loan applications. Late Monday afternoon, Cloudstar’s services were still offline.
In a statement, Cloudstar said it had already brought on third-party experts to assist in recovery efforts, and had already alerted law enforcement. The company declined to provide a definitive restoration timeline. Experts said that such incidents typically take 10 days to two weeks to resolve.
“We will continue to investigate this incident and provide updates to our customers as we have additional information to share,” a Cloudstar spokesperson said.
Cloudstar declined to specify how many clients the outage affected. But with Cloudstar services still offline Monday, a large segment of the market could be left unable to close. The American Land Title Association said Cloudstar operates six data centers in the United States and has more than 42,000 users.
Presented by: Radian
Ransomware refers to the use of malicious software, or malware, to render data systems unusable in order to charge a ransom. Cyberattackers typically pressure victims to pay the ransom to keep data from being destroyed or released to the public.
In June, a Biden administration official wrote to business leaders warning of ransomware attacks. Anne Neuberger, deputy national security advisor for cyber and emerging technology, wrote that the Biden administration would seek to disrupt cyberattacks — including by holding “countries that harbor ransomware actors accountable.” The letter also urged business leaders to take steps to defend against cyberattacks.
“Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors,” wrote Neuberger.
John-Thomas Gaietto, executive director of cyber advisory services at financial services firm Richey May & Co, told HousingWire that it came as no surprise that a service provider for the title industry was the target of the latest large-scale cyberattack.
“When we sit down and talk to leaders in the mortgage industry, the biggest area of concern is the title companies,” Gaietto said. “Some of them are still using personal web mail from hotmail.”
The Cloudstar cyberattack blast radius could also extend beyond stalled mortgage loans. Financial services firms who are victims of ransomware can expect lasting reputational harm and even state regulatory fines if ransomware attackers release consumer data. (Several of Cloudstar’s competitors were quick to offer their services to affected customers when word of the attack got out.)
The incident may also further accelerate consolidation in the title industry. Smaller businesses are not likely to be able to shoulder the cost of guarding against cyberattacks, Gaietto said, not to mention paying ransoms when incidents do occur.
“Ransomware will become a much more important dynamic in the industry,” Gaietto said. “And I just don’t see how smaller organizations continue to compete.”