Data from hundreds of US dentists encrypted by ransomware

Data from hundreds of US dentists has been encrypted by ransomware after attacking the IT provider of their backup provider. The dental practices use DDS Safe, a product of Digital Dental Record (DDR). Through the service, dentists can have medical records, company data and other data archived and secured. DDR even promotes its own service as a solution for ransomware.

DDR uses PercSoft’s cloud services to store all data. Last Monday, the it supplier became the target of an attack. The attackers used the remote management software that DDS Safe uses to back up dental offices to install ransomware on the systems. As a result, some four hundred dental practices no longer had access to their data. It was also not possible to take X-rays, PercSoft says. Several practices report that due to the infection, they may not be able to process salary payments this week.

It is not known how many attackers demanded to decrypt the files. The it supplier has paid the ransom, because a day after the infection, the company had a decryptor to decrypt the files ( PDF ). However, decrypting and restoring all systems can take several days, according to DDR ( PDF ). How the attackers managed to gain access to PercSoft’s system is unknown.

It has happened several times in recent months that managed service provider (MSP) customers have become infected with ransomware. In one of the latest incidents, the attackers managed to connect to the MSP via RDP, and then installed the ransomware on customer systems via a management console.