Around 400
dental offices across the United States have fallen victim to ransomware after
the operators breached an IT vendor shared by all the practices.
A notice
sent out by the Wisconsin Dental Association reveals that hackers breached the
backend software shared by hundreds of dental practices around the country and crippled
their computers, incapacitating the offices.
“PerCSoft,
the IT vendor for DDS Safe, took immediate action to contain the threat;
however, roughly 400 practices around the country lost access to electronic
files as a result of the virus,” the notice reads.
According to sources familiar with the matter, the IT vendor resorted to paying the attackers ransom to obtain the decryptor and help out victims of the attack. The process is slow, but ongoing, according to the WDA Insurance & Services Corp., which endorsed the product.
The
ransomware strain used in the attack is REvil, also knowm as Sodinokibi or Sodin,
a continually evolving piece of malware with a considerable market-share in the
ransomware scene in recent months.
As Catalin Cimpanu observes in a coverage of the incident for ZDNet, the vulnerable backend software is ironically advertised as an actual solution against ransomware. At the time of this writing, the marketing materials touting DDS Safe’s anti-ransomware abilities, are still up on the vendor’s website.
It is believed the same group behind this attack is responsible for similar attacks targeting MSPs in June of this year, and later in August, days before the attack on dental practices. While the group likely exploited different bugs in the supply chain of their victims, the modus operandi is identical.