Wisconsin-based IT data service PerCSoft and the cloud management company Digital Dental Records (DDR) were hit this weekend by a wicked strain of ransomware. Hundreds of dental practices across the country rely on PerCSoft and DDR for remote data backup and archive of medical records, charts, insurance documents and other personal information. The attack was a result of a vulnerability that allowed the ransomware deployment over the weekend that left hundreds of dental offices locked out on Monday.
“We worked feverishly with the software company to shut it down and remove the threat, but many of you were hit in the process prior to them removing it and locking down the system,” said Digital Dental Record on Tuesday. Digital Dental Record was also adamant that there was no privacy breech. “This was a virus attack, not a data hack. No data is accessed or moved in these instances, it is locked and then has to be unlocked.”
Brenna Sadler, director of communications for the Wisconsin Dental Association, said that over 400 dental practices were encrypted but as of Thursday only 25% reportedly have services restored. Though Sadler stated she did not know if the ransom was paid, several outside sources are reporting it was. The exact amount remains unknown.
The exact strain of ransomware hasn’t been reported, though images on one Facebook group indicate it may be an extremely advanced virus known as REvil or Sodinokibi.
Cloud data and backup services have been increasingly under attack due to their lucrative payouts and widespread impacts. Cloud hosting firm iNSYNQ fell victim to an attack in July, Apex Human Capital was attacked in February, and back in December Dataresultion.net was hit.
The FBI and multiple security firms continue to advise victims to not pay the ransom demands. Often, companies are able to use third party solutions, backups, or free decryptors to regain services. Paying up remains the fastest route to recovery, however, so some security consulting firms are allegedly urging companies along that route.
“More often than not, paying the ransom is a lot cheaper for insurers than the loss of revenue they have to cover otherwise,” said Minhee Cho, public relations director of ProPublica, in an email to KrebsOnSecurity. “But, by rewarding hackers, these companies have created a perverted cycle that encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.”
DDR has stated that they “deeply regret the frustration and inconvenience this has caused our clients” and that they are working to restore files as quickly as possible. Recovery may take several more days as the process is a slow and methodical one. Additionally, the company says it is “actively communicating with clients to answer questions, facilitate contact with appropriate insurance carriers and address other business concerns.”