Since November 25, over 100 dental offices have been compromised via their managed service provider (MSP), Complete Technology Solutions (CTS). CTS is a Colorado-based company that provides IT services to numerous dental offices. The threat was identified as the infamous Sodinokibi ransomware strain, which has played a role in several MSP attacks this year alone.
Reports from many affected companies revealed that CTS refused to pay the $700,000 ransom to unlock their customers’ systems. Some customers had usable backups that allowed them to continue working and offering services, while others have been negotiating smaller ransoms. One thing that stands out, and a big reason why paying the ransom isn’t always the smartest idea, is that not all files were encrypted in the same manner. Some customers paid the ransom and received decryption keys that decrypted only some, but not all, of the encrypted files.
Black Talon Security, a cyber security firm that worked with some of CTS’ clients, stated that they had one such example of a customer needing to turn in more than 20 ransom notes to fully recover. As with past MSP attacks, CTS’ method of remotely managing their customers’ computer systems was compromised.