Ransomware Attack Threatens Closings, Sensitive Client Data

A ransomware attack on Cloudstar, which provides cloud hosting for title insurance applications, is threatening to derail mortgage closings and put sensitive client information at risk.

A ransomware attack on a company that provides cloud hosting for title insurance applications is threatening to derail closings and put sensitive client information at risk.

Cloudstar, which claims to operate the nation’s largest privately held settlement services cloud, first reported a “possible service interruption” affecting a “portion of our customers” on Friday, July 16.

Two days later, Cloudstar revealed that the company had in fact discovered on Friday that it “was the victim of a highly sophisticated ransomware attack.” In a Sunday, July 18, notice, Cloudstar said it had hired a third-party forensics expert, Tetra Defense, “to assist us in our recovery efforts and also informed law enforcement. Negotiations with the threat actor are ongoing.”

In another update Monday, the company said its Office 365 mail services, email encryption, and technical support services were “still fully operational and secure.”

On its website, Cloudstar says it operates six U.S. data centers, providing virtual desktop hosting and other services to more than 42,000 users.

Cloudstar says it offers cloud hosting for clients who use title insurance applications including SoftPro, RamQuest, ResWare, TitleExpress, Impact, RBJ Edge, Streamline, TitleScan, HalFile, LanTec, Double Time, Closer’s Choice and GreenFolders.

Cloudstars clients are title agents and other end users, not the software providers themselves, many of whom were quick to reassure clients.

SoftPro, for example, posted a notice on the company’s website Tuesday reassuring customers that the ransomware attack “has in no way impacted the functionality of SoftPro products or services. SoftPro was not breached or impacted in any way by this incident. Additionally, we have received no reports of impact from our integrated partners.”

Similarly, RamQuest said it had “not not been impacted by this ransomware attack as Cloudstar does NOT…