Ransomware attack leaves 100 dental practices struggling

2019 12 10 23 12 7806 Ransomware 400

A company in Colorado that specializes in providing IT services to dental practices experienced a ransomware attack that has been plaguing operations at about 100 dental offices since November, according to news reports.

Multiple customers told KrebsOnSecurity on December 7 that Englewood-based Complete Technology Solutions (CTS) was hacked, and ransomware infected and locked the systems of approximately 100 dental offices that use the company for services, including data backup, network security, and voiceover-IP phone service.

Complete Technology Solutions was struck on November 25 by a strain of ransomware known as "Sodinokibi" or "rEvil," which is the same strain that struck dental IT provider PerCSoft, encrypting the files of about 400 dental businesses in August 2019. Some practices continue to be affected with outages and are still trying to recover from the November attack.

CTS declined to pay an initial $700,000 ransom demand for a key to unlock infected systems at all customer locations. Dental practices began complaining about the situation, including the continued lack of access to their patient files, the loss of income, and the possibility of paying their own ransoms to free their files, in a private Facebook group.

Some dentists have claimed that CTS told the practices they will have to pay their own ransoms. Representatives from CTS have yet to comment.

Other issues complicating restoration efforts include some dental practice victims receiving multiple ransom notes and encrypted file extensions. Therefore, some practices were only able to unlock some of the scrambled files with the decryption keys provided by the attackers.

New York-based cybersecurity firm Black Talon Security has assisted some dental practices with recovery. The company reported that one network it worked with had to turn in about 20 ransom notes to fully recover. Unfortunately, the attackers likely are to make more money than if CTS had paid the initial $700,000 ransom note.

Attackers likely gained access to CTS' clients through a remote administration tool the company uses to remotely configure and troubleshoot systems at its customers' dental offices. Clients did not require additional authentication to use this tool, according to reports.

Page 1 of 547
Next Page