Ransomware incident at major cloud provider disrupts real estate, title industry

A ransomware incident at Cloudstar, a cloud hosting service and managed service provider for several industry sectors, has disrupted the activities of hundreds of companies.

Cloudstar, which operates several data centers across the US, is primarily known in the mortgage, title insurance, real estate, legal, finance, and local government sector, where it provides services like virtual desktop hosting, software-as-a-service offerings, and other managed cloud infrastructure, which underpin many companies' IT infrastructure.

On Friday, the Florida-based company announced that it suffered a "highly sophisticated ransomware attack" that forced it to take down the vast majority of its services.

With the exception of its encrypted email service, Cloudstar said in a status page today that most of its infrastructure continues to be down three days after the attack.

The company did not name the ransomware gang behind the attack but said on Sunday that it already started negotiations with the hackers.

Cloudstar is currently desperate to recover its customers' data, many of which have resumed operations on Monday only to discover that crucial real estate, legal or financial files had disappeared over the weekend.

While Cloudstar has customers across a wide range of sectors, the company's primary userbase is the real estate and title industry, and the incident has prevented many real estate brokers today from registering transactions and property closings.

Cloudstar faces a weeks-long data restoration process

In an interview with The Title Report, which first broke the news about the ransomware incident on Saturday, Cloudstar President Christopher Cury told the news outlet they don't have a timeline for when they will be able to restore customer files.

A Cloudstar spokesperson was not available to answer additional questions following phone calls earlier today.

However, the bad news for Cloudstar is that usually, attacks on web and cloud hosting providers take weeks rather than days to recover, primarily due to the large amount of customer data and servers that need to be reimaged and restored.

Attacks on these types of targets have been common in recent years, as web hosting companies are usually inclined to pay ransom demands in order to ensure minimum downtime for their customers, making them very attractive to many ransomware gangs.

Over the past few years, we've seen incidents at Swiss Cloud,, Equinix, CyrusOne, Cognizant, X-Cart, A2 Hosting, SmarterASP.NET,, iNSYNQ, and Internet Nayana, just to name the larger attacks.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.