Last weekend, the title insurance industry was served up a grim reminder that cybersecurity risk management must remain a top priority when Cloudstar, a firm that operates a data center for the title agency, was hit with a debilitating ransomware attack.
According to the company’s website, the firm discovered it was the victim of a highly sophisticated attack on Friday, July 16. By Tuesday, July 20, the last time the company posted an update to its website, the service was still down.
Details of the event are still coming to light and we still don’t know the attacker’s demands or exactly how many real estate closings were impacted by the outage. What we do know is that these types of attacks are not limited to our industry.
“Experts have estimated that a malware attack will happen to a business every 11 seconds by the end of 2021 with yearly losses of trillions of dollars. Half of the small to medium-sized businesses suffer from malware or ransomware attacks and 60% of the time, they go out of business within a year of the attack,” according to Trader Defense Advisory, a company that works to protect firms from these attacks.
As Cloudstar works to bring its business back online, other firms around the title industry are stepping in to serve title companies with missing data.
According to Shawn Fox, director of sales and marketing for Premier One, “Unfortunately, these companies do not have any of their data since the backups were affected in this attack as well,” Fox said. “We are setting them up with a blank database of the production software to get them operational for (Monday). As of right now, if a title company has not made any plans and are just hoping that Cloudstar comes back, they will not be able to process any orders. A lot of the customers also had their emails hosted with Cloudstar so they are also having a hard time with communication.”
Kevin Nincehelser, Chief Operating Officer for Premier One, said his firm is telling title companies affected by the attack to verify their security status and ensure there is not an active threat to IT assets. “Title companies should restore their ability to process new orders. This can be accomplished by obtaining a new instance of their production software on-premises or hosted with an available vendor such as Premier One, OP2, SoftPro, or Qualia. Companies also must rebuild production processes and workflows. For many agents, the extensive customization to their production software will be lost. It’s best to begin rebuilding as soon as possible.”
For it’s part, Cloudstar says it has retained third-party forensics experts Tetra Defense to assist in its recovery efforts and also informed law enforcement. “Negotiations with the threat actor are ongoing,” the company said on its website. “Additionally, we have informed all of our customers and are committed to helping them through this and working in the best interest of the industry. We will continue to investigate this incident and provide updates to our customers as we have additional information to share.”
This is not a problem that will go away anytime soon, especially for smaller firms operating in our industry. According to a feature in the March/April 2021 issue of Inc. magazine, the small and mid-sized business (SMB) market is a “target-rich environment for cybercriminals. Hackers are taking advantage of confusion triggered by the coronavirus, and data breaches almost tripled in the first quarter of 2020.
According to the publication, the average cost of a ransomware attack in the SMB market is estimated at $133,000 and attacks occur every 14 seconds.