An IT company in Colorado that offers managed IT services to dental offices experienced a ransomware attack. Using the company’s systems, over 100 dental practices were likewise attacked by ransomware.
The ransomware attack on Complete Technology Solutions (CTS) based in Englewood, CO started on November 25, 2019. A KrebsonSecurity report stated that CTS received a ransom demand of $700,000 in exchange for the keys to disable the encryption. The company decided not to pay the ransom.
When providing dental practices with IT services, access to their systems is given to CTS using a remote access tool. Hackers seem to have used that tool to access the systems of CTS clients and attack it using Sodinokibi ransomware.
A few of the dental practices hit by the attack were able to recover their data using backups, specifically those that had stored a copy of their data offsite. A lot of dental practices continue to have no access to their data or systems and are turning down patients because of continuing system failures.
KrebsonSecurity reports that a few of those practices are attempting to make a deal with the attackers to get the keys to unlock their data.
Due to several ransom notes and file extensions, data recovery has been challenging. And so, recovery of some encrypted data has been possible after paying the ransom demand. To unlock other encrypted files, it required paying an additional ransom. Black Talon Security mentioned to KrebsonSecurity the condition of one dental practice that had 50 encrypted devices and got over 20 ransom notes. There were several payments made to recover data.
There was a similar attack on the Wisconsin company PerCSoft, which resulted in the ransomware attack of about 400 dental offices in August 2019. PerCSoft is a company providing dental offices with digital data backup services. The hackers used the Sodinokibi ransomware.
Ransomware gangs are increasingly targeting managed service providers. Through one attack on a managed service provider, the attackers could strike many other firms, so that the returns are much higher.
A Kaspersky Lab recent report stated that ransomware attackers are focusing on backups and Network Attached Storage (NAS) tools to make it tougher for victims to get back their files for free and not pay the ransom.
The most recent attack demonstrates the importance of creating backups of all critical information. So make sure to at least have one backup copy of files to be stored securely off-site, on a non-networked device that is not accessible online.