Dental offices across the United States were targeted in a large-scale ransomware attack perpetrated through third-party software meant to protect data, according to reports.
The software in question, DDS Safe, is based out of Wisconsin and comes from two companies, PerCSoft and Digital Dental Record (DDR). It's advertised as providing three layers of protection by backing up information to a cloud, a workstation that doesn't go online and a hard disk drive that stays in the office.
Attackers used ransomware called REvil (aka Sodinokibi) to get past that security, and it worked. This particular brand of ransomware is also reportedly responsible for a breach of 23 agencies in Texas.
“Immediate action was taken to investigate and contain the threat. Our investigation and remediation efforts continue,” said Mark Paget, executive director of DDR. “Unfortunately, a number of practices have been and continue to be impacted by this attack.”
The owner of PerCSoft said that it had decryption software that it was giving out to its affected clients. However, the company didn't mention how it got the decryption software, which implies that it probably paid the ransom. Records for around 100 offices have been restored.
KrebsOnSecurity recently shared a screenshot of a conversation between PerCSoft and a dental office in which the company said it was paying the ransom, according to reports. The amount of money requested has not been reported, and the companies have not publicly said they paid any ransom.
A recent report showed that REvil is the fourth most popular brand of ransomware being used by hackers. Ryuk, Phobos and Dharma are also popular.
One of the biggest reasons that hackers are increasing ransomware attacks could be that insurance companies have started covering the costs of an attack minus a deductible, an amount that is generally a lot less than the cost of the attacks themselves.
ProPublica reported that hackers might even be increasingly targeting companies with ransomware insurance, and that insurance companies have “cyber extortion negotiation services” to help companies get the data back.
“By rewarding hackers, it encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies,” the report said.