Data Backup Digest

Ransomware attacks show no signs of slowing down. These types of attacks are where malicious groups will access an organisation’s data and then lock them out from it through encryption. The group will then demand a ransom for the data, only handing over the encryption key once they’ve received payment – if they’re true to their word, that is.

The latest attack comes in the US, where hundreds of dental offices across the country have been hit in an attack that targeted a remote data backup service provided by a third-party. The solution is called DDS Safe and is serviced by PerCSoft and Digital Dental Record (DDR), software companies based out of Wisconsin. DDS Safe backs up medical records to the cloud, an offline worksation and a local hard disk drive. The ultimate triple protection.

Sadly, the protection wasn’t strong enough. Attackers used the REvil ransomware to infect the infrastructure, which was also used recently to infect 23 Texas government agencies.

In a report conducted by Fidelis, a cybersecurity company, REvil is the fourth most popular strain of ransomware. Other popular ones include Ryuk (around a quarter of all attacks), Phobos and Dharma.

DDR found out about the attack on August 26, with around 400 dental agencies using their software now finding that they couldn’t access their data.

“Immediate action was taken to investigate and contain the threat. Our investigation and remediation efforts continue,” said Mark Paget, executive director of DDR. “Unfortunately, a number of practices have been and continue to be impacted by this attack.”

Percy Chaby, the owner of PerCSoft, issued a Facebook update to say that his company had got hold of decryption software and was sending this to the impacted dental offices so that they could regain access to their files. However, the post didn’t detail how PerCSoft were able to get this decrypter, which implies that the ransom money has been paid to the attackers. Currently around 100 dental offices have had their data restored.

A screenshot was shared by Brian Krebs, a security researcher, which seems to show a chat between PerCSoft and an impacted dental office. The conversation implies that PerCSoft had paid the ransom, after the dental office expressed upset about the situation. However, neither PerCSoft nor DDR have publicly admitted to paying the ransom.

“It had a devastating effect on our office,” said dentist Paul Levine to CNN. “Monday, Tuesday, Wednesday, until this morning when they got us up running, we were not able to see half of our patients because we were handicapped from taking x-rays. You can't see an emergency patient without an x-ray. You can't see a new patient without x-rays.”

Of course, attackers know the impact and urgency of their attacks, hence why they charge high ransoms. This won’t be the last ransomware attack to target organisations or state facilities. The US accounts for more than half of the attacks globally. These attacks are only going to continue, especially when organisations have proven themselves to be poorly protected against them and willing to pay the ransoms.