Lending industry still feeling impact from Cloudstar ransomware attack

[Editor’s Note: This is a developing story. Scotsman Guide will update the story as it develops.]

Cloud solutions company Cloudstar was hit with ransomware last week, rendering its digital services offline and impacting operations for title, lending, and real estate businesses nationwide.

Jacksonville-based Cloudstar is a major provider of cloud hosting for title software data, acting as a partner for hundreds of title and mortgage companies across the country. Consequently, the Cloudstar service interruption that occurred on July 16 — caused by what it described as a “highly sophisticated” ransomware attack — left the processing of myriad mortgages in limbo, and, as of Thursday, the fintech was still hard at work internally to right its ship.

“We are continuing to work around the clock with our third-party experts to investigate the nature and scope of this attack,” Cloudstar published on its website on July 20. “We are meticulously scanning our systems to determine exactly which ones were impacted by malware, and which ones may still be viable and/or clean to bring back online. … We are still very much so in the containment and remediation phase and appreciate our valued partners’ patience at this time.”

The company thus far has declined to give a concrete timetable for full and secure restoration of its services. In a 2020 survey by cybersecurity firm Veritas, 66% of responding IT professionals worldwide estimated that it typically takes five or more days to completely recover from a ransomware attack if the ransom isn’t paid. And with such attacks becoming more and more complex, that resolution timeline often stretches into several weeks.

The perpetrators of the ransomware attack have yet to be identified publicly, although Cloudstar indicated earlier this week that negotiations with the attackers were under way. Meanwhile, the attack has shined a spotlight on the vulnerability of the title and lending industries to a breach of one of their broad-scale digital partners.

“This incident highlights the risk within not only the title industry, but all industries, of a potential cyber event and the impact of a single point of failure (SPoF) within the system,” wrote Fitch Ratings in commentary on Thursday.

“According to Cybersecurity professionals, SPoFs can come from weaknesses in hardware, software, mechanical infrastructure, and other key entities in the supply chain, including cloud providers. The infection of a SPoF is called a ‘force multiplier’ meaning it creates a significantly larger event than attacks that infect a single system. … As vendors and suppliers emerge with significant market share, their efficiencies in costs and time can be beneficial for their clients, but their downtime can have a disproportionate impact on an industry.”

While some of Cloudstar’s services, including email encryption and technical support, are operational, interruptions to the processes relevant to smooth operations within the title industry remain unresolved. The longer those systems are offline, the greater the potential for significant disruption to the mortgage lending sphere.


More Headlines