Ransomware attacks have unfortunately become the norm: companies and personal computer users find their systems essentially locked by sophisticated malware that encrypts files and demands payment to supposedly restore them. In the most recent ransomware attack, the Sodinokibi ransomware threat was used to lock data at hundreds of dentist offices that utilized the DDS Safe online backup solution and medical record retention service.
Upwards of 400 dentist offices throughout the United States were attacked with the Sodinokibi ransomware threat. In the attacks, it appears that the perpetrators behind Sodinokibi leveraged DDS Safe, an online backup application from Digital Dental Record (dentalrecord.com). Supposedly, the DDS service was infected through its cloud management provider, PercSoft. By contrast, the DDS Safe service claims to be "a step in protecting one's system from a ransomware attack," according to its website.
The attack by Sodinokibi ransomware on over 400 dentist offices throughout the US looks to be fresh off the heels of a previous effort by cybercrooks in which they compromised a managed service provider (MSP) and utilized its system to deploy the REvil malware, which is also known as Sodinokibi ransomware. The hacker group responsible for the previous attempts to compromise an MSP looks to have been successful in an attack on over 400 dentist offices that all utilize the DDS Safe service. Computer security experts from Krebs learned of the attack, which locked the data of 400 dental practices, along with statements from the director of communications for the Wisconsin Dental Association.
Dental work put on hold indefinitely due to ransomware attack
When dentists across the US went to work on Monday, August 26th, they discovered that their patient information was inaccessible and were greeted with a ransom demand. Reportedly, only 100 of the dental offices were able to restore their records, while the others seemingly still have their data locked from the Sodinokibi attack. Very few of the affected dentist offices were able to gain access to their data; some of them paid the ransom demanded by Sodinokibi, while the majority resorted to restoring their data from backup services.
Among the countless families of ransomware threats, Sodinokibi, also known as REvil, has been among the most active in recent months. In a report published by Fidelis Security, Sodinokibi/REvil ranked as the fourth most active form of ransomware, behind only Dharma, Ryuk, and Phobos. Well after the emergence of the infamous GandCrab ransomware, that gives Sodinokibi a 12.5% market share in the landscape of currently active ransomware threats.
Sodinokibi has gained a reputation since its initial discovery back in April of 2019 and has since been propagated in many different directions to infiltrate countless systems and personal computers. The spread of Sodinokibi doesn't rely solely on phishing techniques; it may also exploit vulnerabilities in systems to spread, so it is no surprise to us that it retains a strong 12.5% of the ransomware market share for currently active threats.