A new ransomware group known as Skira emerged in early 2025, actively targeting businesses across various sectors, including the title and escrow industry. This group operates under a double extortion model, where they not only encrypt sensitive data but also threaten to publish it on the dark web if ransom demands are not met.
Why This Matters to Title and Escrow Executives
In April 2025, Skira claimed responsibility for an attack on Independent Title Agency LLC, a U.S.-based title firm. The group reportedly exfiltrated over 900 GB of sensitive data, including real estate documents, client records, and internal communications, placing both business continuity and client trust at severe risk.
Skira uses privacy-focused messaging platforms like Session to negotiate ransoms, making their operations harder to trace. Their victim list is growing and includes legal service providers, municipalities, and financial firms, signaling that real estate and escrow organizations are firmly in their sights.
Key Takeaways for Industry Leaders:
- Secure your data: Regular, off-site backups and strong encryption policies are essential.
- Know your access points: Identify and monitor external vendors, remote access tools, and legacy systems.
- Educate your teams: Phishing remains the top entry point for ransomware—train staff to recognize social engineering attempts.
- Be prepared: Develop and rehearse a ransomware response plan that includes communication, legal, and recovery strategies.
The Skira threat actor reinforces what the industry already knows: data is the new currency, and the title & escrow sector must act proactively to defend it.
