loader gif

Sodinokibi ransomware hits hundreds of dental offices in US

Sodinokibi ransomware hits hundreds of dental offices in US
  • Sodinokibi aka Revil infected DDS Safe, an online backup product from Digital Dental Record (DDS), through its cloud management provider, PercSoft.
  • Over 400 dental offices in the US have been impacted by the ransomware attack.

What’s the matter?

Hundreds of dental practice offices in the US had their data and patient records encrypted by Sodinokibi ransomware. Over 400 dental offices have been impacted by the ransomware attack.

What happened?

On August 26, 2019, Sodinokibi aka Revil infected DDS Safe, an online backup product from Digital Dental Record (DDS), through its cloud management provider, PercSoft.

DDS Safe stores medical records, charts, insurance documents and other personal information for various dental offices across the United States.

What was the response?

PercSoft and Digital Dental Record (DDS) together released an update on the attack recovery process stating that they've worked with the software company and have obtained a decryptor for the ransomware which will restore the encrypted files. A later update announced that data restoration had started.

“All, Thank you for your patience. We have been running the decryptor with good success for a number of you. It has taken longer than expected obviously for some of these to complete. Some of you we have needed to get a second decryptor that we received this morning,” the update read.

However, some affected dental offices reported that the decryptor did not work to unlock at least some of the files encrypted by the ransomware. Meanwhile, Brenna Sadler, director of communications for the Wisconsin Dental Association, said that nearly 100 dental offices have had their files restored.

“Brenna Sadler, director of communications for the Wisconsin Dental Association, said the ransomware encrypted files for approximate 400 dental practices, and that somewhere between 80-100 of those clients have now had their files restored,” Krebs on Security reported.

Worth noting

While Sadler said that she did not know whether PerCSoft and/or DDR had paid the ransom, a source impacted by the ransomware noted that the two companies had paid the ransom demand to obtain the decryptor.

The ransom amount has not been disclosed, however, some users believe that PercSoft has paid $5,000 per client.

“I believe Percsoft said they have about 900 client dental offices and that 500 were affected by this $5000 ransomware,” a Reddit post read.

loader gif