Cyber Incident Victim: CloudStar
Date: Jul 2021
Location: United States of America
Summary
A ransomware attack on a major cloud hosting provider disrupted services for numerous companies, particularly impacting the real estate and title industries by preventing property transactions and closings. The incident forced the provider to shut down most of its infrastructure, leaving only its encrypted email service online, and recovery was expected to take weeks because of the extensive data restoration required. The provider, which serves sectors including legal, finance, and local government, entered negotiations with the attackers while customers experienced significant operational delays and data loss affecting critical files.
Description
On July 16, 2021, Cloudstar, a Florida-based cloud hosting service provider primarily serving the mortgage, title insurance, real estate, legal, finance, and local government sectors, publicly disclosed a ransomware attack that forced it to take down the majority of its infrastructure. The company described the incident as a "highly sophisticated ransomware attack" but did not identify the responsible threat actor group. By July 18, Cloudstar had initiated negotiations with the attackers, according to its public communications. The company's status page indicated that three days post-attack, most services remained offline except for its encrypted email system. Cloudstar President Christopher Cury stated in an interview with The Title Report that there was no definitive timeline for restoring customer files, acknowledging the complexity of the recovery process. The incident severely disrupted operations for hundreds of Cloudstar's clients, particularly within the real estate and title industries, where the company provided critical virtual desktop hosting, software-as-a-service offerings, and managed cloud infrastructure.

The attack's impact became acutely visible on Monday, July 19, when customers attempting to resume operations discovered that essential real estate, legal, and financial files had become inaccessible or disappeared entirely. Real estate brokers reported being unable to register transactions or complete property closings due to the outage. Cloudstar faced a protracted restoration effort expected to span weeks, attributed to the need to reimage and restore vast quantities of customer data and servers across its U.S. data centers. Industry observers noted that cloud and web hosting providers like Cloudstar represent high-value targets for ransomware groups due to their economic incentive to pay ransoms and minimize customer downtime. The incident aligned with a pattern of similar attacks on providers such as Managed.com, Cognizant, and iNSYNQ in preceding years. Cloudstar did not disclose whether it paid a ransom or the status of negotiations beyond its initial confirmation, and company spokespersons were unavailable for further comment following initial media inquiries.
