An IT business in Colorado that provides managed IT services to dental offices encountered a ransomware attack. By means of the organization’s systems, 100 other dental practices were similarly attacked by ransomware.
The ransomware attack on Complete Technology Solutions (CTS) located in Englewood, CO began on November 25, 2019. A KrebsonSecurity report mentioned that CTS got a ransom demand worth $700,000 to get the encryption unlock keys. The firm made the decision not to pay off the ransom demand.
In providing dental offices with IT services, systems access is provided to CTS with the use of a remote access device. Hackers appear to have employed that device to gain access to the systems of CTS customers and attack it with Sodinokibi ransomware.
A number of the dental practices affected by the attack had recovered their information by means of their backups, particularly those that had saved a backup of their data offsite. Several dental practices continue to be without access to their information or systems and are declining patients as a result of prolonged system breakdowns.
KrebsonSecurity remarks that a number of those dental practices are seeking to bargain with the attackers to acquire the keys to recover their information.
Because of various file extensions and ransom notes, file recovery has been problematic. And thus, restoration of a number of encrypted data was possible after paying off the demanded ransom. To recover other encrypted data, it needed paying more ransom. Black Talon Security said to KrebsonSecurity the situation of one dental practice which had 50 encrypted devices and was given above 20 ransom demands. There were a number of payments made to retrieve files.
There was an identical attack on the Wisconsin organization PerCSoft, which led to the ransomware attack of close to 400 dental offices in August 2019. PerCSoft is a business providing dental practices with digital data backup services. The hackers deployed the Sodinokibi ransomware.
Ransomware gangs are increasingly attacking managed service providers. By means of just one attack on a managed service provider, the hackers can hit a lot of other organizations, making the profits are a lot higher.
In a Kaspersky Lab’s latest report, it mentioned that ransomware attackers are aiming for backups and Network Attached Storage (NAS) gadgets to make it more difficult for victims to retrieve their files at no cost and not pay the ransom demand.
The newest attack highlights the value of making backups of all critical files. Therefore make sure to at least create one backup copy of data files to be kept safely off-site, on a non-networked gadget that is not connected online.