The attacks occurred over a two-day span from March 31 to April 1, overwhelming the company's servers with data requests that appeared to be legitimate communications. The cyber attack flooded Ellie Mae servers with requests to a URL that is used to download an XML file containing third-party technology vendors that integrate with the Encompass LOS via the Ellie Mae Network.
"It was a massive number of requests that came in and consumed the full capacity of one set of our servers around a specific URL," said Ellie Mae President and COO Jonathan Corr. "Where a classic denial-of-service attack would be a request that comes in that is not valid and would just create a lot of failed attempts, this was a valid request with a normal signature."
The attack was particularly suspicious, hinting at mortgage industry knowledge, for a few key reasons. First, the request appeared valid and was using a normal signature. Additionally, the cyber-attack occurred on the last day of the month and the last day of the quarter, a critical time for loan closings.
"That could be coincidence, I don't have evidence otherwise, but we find it very disturbing and we're trying to figure it out. It seems like that could be a possibility," Corr added.
The XML file being requested contains no sensitive data, and appeared like a request that would come from a client application used to access Encompass and the Ellie Mae Network—making it hard to initially identify the requests as a threat.
A press release issued by the company attempted to reassure users.
"Ellie Mae's technical operations teams are continuing their work to restore full functionality for Encompass users," the release said.
Sig Anderman, founder and CEO of Ellie Mae, commented, "We recognize the critical role our services play in enabling our clients to serve their customers and deeply regret the inconvenience and delays they are experiencing. The performance and security of our platform is our number one priority. We are doing everything within our power to restore full operations as soon as possible."
Ellie Mae has hired Stroz Friedberg, a cyber-security and digital forensics firm, to look into the attack as well as any possible data or security breaches.
The investigation of the attack is ongoing.