An incident occurred in which more than 400 medical institutions were simultaneously damaged by ransomware



Ransomware targeting dental clinics in the United States is raging, and it has been reported that about 400 dental clinics have been encrypted with treatment data, causing serious problems in business operations. It is.

Ransomware hits hundreds of dentist offices in the US | ZDNet

Hundreds of dental offices crippled by ransomware attack-CNNPolitics

Ransomware Attack Hits 400 Dental Offices Across the US | News & Opinion |

Ransomware Bites Dental Data Backup Firm — Krebs on Security

The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks — ProPublica

The Digital Dental Record, an IT company with cloud services, entered on August 29, 2019, saying, `` At 8:44 on August 26, the remote management that our products use to back up medical data It was confirmed that the software was attacked by ransomware. '

The Digital Dental Record is developing a cloud service for dentists called “DDS Safe” in collaboration with PerCSoft, and it is estimated that approximately 400 dental clinics in the United States were damaged via this service. Ironically, DDS Safe was a cloud service that was marketed as a solution to protect medical data from ransomware.


Darwin Laganzon

Paul Levine, who runs a private dental clinic in Wisconsin, told a TV station, CNN, “My office has been devastated by ransomware. “Because I couldn't get X-rays, I couldn't see a new patient, and I had to leave half of those who visited the hospital as it is.”

According to cybercriminal expert journalist Brian Krebs, this is a ransomware called ' Sodinokibi / REvil '. Sodinokibi was also used in an attack on a government office in Texas on August 16, 2019, when 22 local governments were damaged.

On a dental clinic PC infected with Sodinokibi, the patient's medical records, treatment schedule, X-ray database, treatment cost payment history, etc. stored on the system are encrypted and cannot be accessed. In addition, a message instructing to pay 10,000 dollars (about 1.06 million yen) as a ransom is displayed, and a threatening message that the ransom will double every 48 hours is also attached.

According to Mr. Krebs, there is information that PerCSoft has already paid a ransom to an attacker by ransomware, although it has not been confirmed, but PerCSoft himself paid, or a cyber insurance insurance company to which PerCSoft joined It is unknown whether it was. Also, the amount of ransom paid has not been revealed.

In the picture of the screen that is supposed to be the interaction between PerCSoft and the dentist, you can see the sentence “We are paying the ransom”.

According to news reports of IT news media ZDNet, 100 dental clinics succeeded in restoring some files with the decryption key obtained by The Digital Dental Record and PerCSoft paying the ransom to the attacker That said, there are many cases where files could not be restored.

“Insurance providers that offer cyber insurance pay ransom much cheaper than other options,” said Renee Dudley, a technical reporter for the United States non-profit and independent news agency ProPublica. Will help hackers and continue the next cycle of attacks targeting companies with cyber insurance, ”he said, explaining the difficulty of responding to ransomware.

in Security, Posted by log1l_ks