DDS Safe, an online cloud-based data backup system that hundreds of dental practice offices across the United States are using to safeguard medical records and other information of their patients from ransomware attacks has been hit with ransomware.
Provided by two Wisconsin-based companies, Digital Dental Record and PerCSoft, the backend system of affected medical records retention and backup solutions has probably been hit by Sodinokibi ransomware, also known as Sodin or REvil malware.
Though it's not yet clear how attackers managed to compromise the company's infrastructure, the latest ransomware attack is yet another example of successful supply chain attack, crippling computer systems in 400 dental practice offices around the United States this week.
According to statements released by both companies, the ransomware virus hit a remote data management software on Monday, August 26, that DDS Safe uses to back up its client data and encrypted files of hundreds of dental practice customers relying on the backup solution.
The ransomware attack had some serious effect on some dental offices, with one McFarland dentist quoted by CNN as saying: "We have no access to the patient charts, schedule, x-rays, or payment ledger. The doctor cannot do proper treatment without a chart history and x-rays."
Ransomware virus typically encrypts all files on the targeted computers and then demands a ransom (usually in Bitcoins) in exchange for the decryptor from the attacker that helps the victims regain access to their important files.
At the time of writing, the company claimed to have a decryptor that they are using to help affected customers decrypt their files at a good rate of succession.
"PerCSoft assures us it is working to restore files as quickly and completely as possible, but restoration is a slow and methodical process that could take several days to complete," the Digital Dental Record said.
However, the official statements from the companies haven't particularly mentioned how they got their hands on the ransomware decryption software, suggesting that the unknown amount of ransom has been paid to the cybercriminals.
Meanwhile, the companies said they are actively working with the Federal Bureau of Investigation's Cyber Crime Unit to thoroughly investigate the incident, adding that they have been in touch with most of the affected customers, describing them as "only a small percentage of the affected practices."
This year has seen a rise in ransomware attacks against public infrastructure and government institutions, from where cybercriminals seek successful returns as most of the times the targeted organizations content is vital to the public interest.
Earlier this year, ransomware crippled computer system infrastructure of multiple states in the United States, including Florida, Baltimore, and Texas. In March, ransomware also hit Norsk Hydro, forcing the Aluminum giant to shut down several plants and switch to manual operations.
Just last week, some residents of South Africa financial capital Johannesburg were left without electricity after the city's power company got attacked by a ransomware virus.