This is the third time hackers have used Revil (Sodinokibi) ransomware. It was used in June 2019 to breach IT Managed Service Providers’ systems using the Webroot Secure Anywhere console.
This week a cybercriminal group gained access to dental software that deployed ransomware on hundreds of dentist’s IT systems. REvil (Sodinokibi) ransomware was installed on computers in dentist offices across the US.
The software that was infected with the ransomware included The Digital Dental Record and PerCSoft. Both of these software companies collaborate on DDS Safe, medical records backup solution for dental practices in the US. Ironically, The Digital Dental Record advertises DDS Safe on its website as a way to protect files from ransomware attacks.
The two companies paid the ransom that was demanded to decrypt their data. The Digital Dental Record and PerCSoft are sharing a decrypter to help dental practices recover their files, although the recovery process has been slow. Additionally, some dental practices report that the decrypter didn’t work, so they were unable to recover their data.
This is the third time hackers have used Revil (Sodinokibi) ransomware. It was used in June 2019 to breach IT Managed Service Providers’ systems using the Webroot Secure Anywhere console.
The second time was right before the DDS Safe attack. Hackers infected another Managed Service Provider’s system that affected 22 counties in Texas.
Ransomware is finding its way into software applications, as well as malicious emails. You must protect your data in three ways:
1. Ensure you have recoverable and restorable data backups. If your system is infected by ransomware, and you have a solid backup and recovery plan (BDR), your IT provider can recover your files and applications. Backups should also be reviewed manually every week. This can be done through Remote Monitoring & Management (RMM) systems that will tell your IT provider when there’s an issue with a backup job.
2. Security Awareness Training is essential. Ask your IT provider to continually train and test your employees for effectiveness. Once users get proper cybersecurity training, understand that they will be tested regularly, and that there are repercussions for repeated failures, their behavior changes. Users develop a less trusting attitude and get much better at spotting a malicious email, which significantly increases your cybersecurity posture.
Daniel De Steno, Owner of NOVA Computer Solutions, reminds us:
“Recoverable and restorable data backups are a must to protect dental practices from losing data to ransomware attacks. The key word here is recoverable. Not all backups are. In addition, dental practices should also provide Security Awareness Training and simulated phishing attacks to teach employees how to recognize malicious emails that result in ransomware infections.”
3. Schedule regular Cybersecurity Assessments. This is an annual or quarterly analysis that includes deep-level network and security assessments, vulnerability testing and reporting to accurately identify any security gaps. Based on the Cybersecurity Assessment findings, IT experts will provide recommendations and help to create a customized cybersecurity remediation plan for your practice.
These Assessments perform a non-invasive scan of your entire network, and everything connected to it, seeking out vulnerabilities that might be open to a hacker who manages to get by the network edge protection, or from a malicious internal source.
Daniel goes on to say:
“Reports are generated and provided to you so you can see if there are any gaps in your protection. They provide a higher level of assurance that you are doing everything possible to protect the security of your IT assets. With regular Cybersecurity Assessments, you’ll have an excellent overview of exactly what’s going on in your network and what exposure you may have sustained.”
With a sound Backup and Disaster Recovery Plan, Security Awareness Training, and Cybersecurity Assessments, your IT service company can protect your technology assets, guard against ransomware attacks, and lock the hackers out.
For more information, contact the team at NOVA Computer Solutions. We can answer your questions about ransomware.
In the meantime, visit our Blog to stay up-to-date on important news in IT.