A newly emerged ransomware group called Skira is making waves in 2025, and they've already hit a U.S. title company, exfiltrating over 900 GB of sensitive data.
Skira uses a double extortion model: encrypting data while threatening public exposure unless a ransom is paid. Their leak site is active, and negotiations take place through privacy-first apps like Session, making detection and response more difficult.
📍 Why this matters:
Title & escrow firms manage high-value transactions, PII, and financial data - exactly what threat actors like Skira look for. One misstep can disrupt closings, damage trust, and expose clients.
🔒 Key Actions for Leaders in Real Estate & Settlement Services:
* Strengthen backups and endpoint protection
* Conduct regular phishing awareness training
* Audit vendor access and remote entry points
* Build and test a ransomware response plan
The threat is real, and it's here. Let's stay ahead of it.
#ALTACyber #cyber411
------------------------------
Bruce Phillips
SVP & CISO
WFG National Title Insurance Company
Irvine CA
+1 (949) 430-3776
------------------------------