Over 400 dental offices were hit by massive ransomware attacks

There is no organization, whether public or private, that is safe from cyberattacks. This time, a team of web application security experts reported on a ransomware attack that has compromised the systems of PerCSoft, an information backup services company based in Wisconsin.

Among the company’s top customers is Digital Dental Record (DDR) which operates an online data backup service called DDS Safe, where medical records, insurance information, clinical histories and other data gathered by hundreds of dental offices throughout the U.S. territory.

Although the number of dental practices affected is still unknown, web application security experts say that not all practices that depend on DDS Safe have been compromised. The incident would have occurred last Monday and was detected almost immediately after the encryption of the information.

The company has not issued official statements about the incident, but a Wisconsin government official mentioned that the incident, a ransomware attack, encrypted the files of nearly 500 dental offices in the state, also adding that it has already been retrieved the information from about 100 of the company’s customers. “We still don’t know if the company decided to pay the ransom, neither the amount demanded by hackers; the malware variant used in this attack has also not been identified,” she said.

Thanks to the most recent posts on the company’s Facebook page, web application security experts discovered some details about the incident recovery process, mentioning that both PerCSoft and DDR hired services of a security company that is working on recovering files encrypted by the ransomware.

However, conflicting versions continue to appear, as some users in Facebook groups dedicated to cybersecurity claim that the company decided to pay the ransom to restore access to the compromised information as soon as possible. In addition, a supposed conversation between one of the affected practices and a PerCSoft executive leaked; in the chat, the executive is informing the client about their decision to pay the ransom. In the conversation, dental offices managers are concerned about having to cover the costs of the incident, to which the company executive answers: “We will pay the ransom.”

In more detail, a leaked screenshot of one of the infected machines shows that the malware employed by the operators of this attack is a newly detected and highly dangerous variant known as REvil or Sodinokibi. An official confirmation from the company is still expected.

Web application security experts collaborating in organizations such as the FBI and the International Institute of Cyber Security (IICS) advise victims of these attacks not to give in to the demands or threats of hackers, as this only benefits them and the risk of losing compromised information remains latent. However, an increase in the number of victims who decide to pay the ransom has been detected, as they are looking for quickly restore their operations and avoid a potentially long and costly data recovery process.