Ransomware disrupts a hundred American dentists

Hasanka Amarasinghe
2 min read · May 27, 2020


More than a hundred dental practices in the US have been infected with ransomware after their IT service provider was compromised. Complete Technology Solutions (CTS) provides network security, managed IT services, backups and VoIP services for dental practices in Denver, Phoenix, Dallas, Las Vegas, and Kansas City.

Attackers managed to compromise CTS and, through it, infect the dental practices that are its customers with Sodinokibi ransomware. The ransomware infection disrupted the practices' services, IT journalist Brian Krebs reports. The attack started on November 25, but customers have still not recovered. Several affected dentists and a security company that is helping a number of practices told Krebs that CTS refused to pay the $700,000 ransom.

Some practices that do not have backups are now negotiating with the attackers themselves to get their data back. “The attackers are now running away with much more money than if CTS had paid the $700,000,” said Black Talon Security’s Gary Salman, who is helping various practices with the recovery. According to Salman, the attackers compromised the remote administration tool that allows CTS to remotely manage customer systems.

“Many of these IT service providers have active sessions on every client computer. When a customer calls the IT service provider, they can log in immediately and fix the problems,” says Salman. In this case, the attackers were able to log into the dentists' systems and infect them with ransomware. In a closed Facebook group, some dentists say that they are still closed due to the infection, much to the dismay of patients and staff.

In August, another 400 dental practices were hit by ransomware after an attack on the IT provider of their backup provider. This attack also involved the Sodinokibi ransomware and the attackers managed to enter via the remote administration tool.
