Complete Technology Solutions (CTS), a Colorado-based IT services provider to oral-care practices, has reportedly been affected by a “Sodinokibi” ransomware attack.
According to security researcher Brian Krebs, attackers installed Sodinokibi on computers at more than 100 dentistry businesses that rely on CTS for IT services, including network security, data backup, and voice-over-IP phone service.
The researcher stated the attack occurred on November 25, via a compromised remote administration tool. Many of CTS’s clients are struggling to recover their data and business operations, as CTS declined to pay the US$700,000 ransom demand.
According to sources, few individual dental offices have opted to pay the ransom in smaller amounts to decrypt their own data. The dental offices reportedly received multiple ransom notes and were asked to purchase multiple decryption keys in order to salvage all their data.
Many of CTS’s customers took to social media to post about the attack and discuss the steps they’ve attempted to recover their files. “I would recommend everyone to reach out to their insurance provider,” said one dentist based in Denver. “I was told by CTS that I would have to pay the ransom to get my corrupted files back.”
Gary Salman, CEO of Black Talon Security, assisted several CTS clients in the recovery process.
“For one network we recovered, that had 50 devices in total, they had to turn in more than 20 ransom notes to fully recover. Attackers may just be hedging against the possibility that different affected practices could save money by sharing the same decryption key. In the end, the attackers are going to walk away with a lot more money than they would have gotten had [CTS] just paid the $700,000,” Salman said.
In a similar security incident, Virtual Care Provider, a technology services provider for nursing homes and acute care sites, was hit with a ransomware attack that seized access to patients’ health records.
The Milwaukee-based company reported that unknown attackers injected ransomware known as “Ryuk” into its network systems. The company stated that hackers demanded US$14 million to restore access to its hijacked servers. Virtual Care Provider said around 110 nursing homes across the country are unable to access their patient records, use the Internet, pay employees, and order crucial medications.
According to Karen Christianson, the chief executive and owner of Virtual Care, the incident affected 80,000 computers and other facilities, including Internet service and email, access to patient records, client billing, phone systems, and payroll operations.