Ransomware Attack Hits Backup Provider, US Dental Offices
PerCSoft, a Wisconsin company that provides an online data backup service for dental offices, has suffered a ransomware attack. The ransomware encrypted files for approximately 400 U.S. dental offices, and 80 to 100 of those offices have had their files restored, Wisconsin Dental Association Director of Communications Brenna Sadler told KrebsOnSecurity.
The PerCSoft ransomware attack was identified August 26, and it may have involved the REvil (Sodinokibi) ransomware strain, KrebsOnSecurity reported. In addition, several affected dental offices have indicated that they were unable to unlock some of their files encrypted by the ransomware, and others stated they might be unable to process payroll payments due to the incident.
PerCSoft has paid the ransom, according to multiple sources. However, it is unclear how much PerCSoft paid or who was paid.
How to Defend Against Ransomware Attacks
Shawn Kanady, Director of Digital Forensics and Incident Response at Trustwave SpiderLabs, offered the following recommendations to help organizations defend against ransomware attacks:
- Back up your data. Organizations should use online backups but also maintain offline copies of sensitive information.
- Inventory your systems. Perform an IT systems audit and isolate and monitor any systems that can no longer be patched.
- Conduct continuous security awareness training. Perform security awareness training regularly and keep security awareness programs up to date.
- Implement a patch cycle program. Launch a patch management program in which patching is performed every 30 days; it also is important to patch all third-party apps every 30 days.
- Perform application whitelisting. Use application whitelisting to ensure systems run authorized applications.
- Deploy an endpoint detection and response (EDR) solution. Baseline systems and keep an eye out for any new or rogue processes.
- Use a secure email gateway solution. Deploy a secure email gateway solution that removes malicious emails from users’ mailboxes.
MSSPs can provide organizations with security services guard against ransomware attacks, too. They also can offer security expertise to help organizations keep pace with evolving cyber threats.
Ransomware Attacks Hit Multiple CSPs, MSPs
Ransomware attacks have hit multiple service providers in recent months. Victims include:
- A cloud service provider (CSP) that works closely with MSPs.
- Data Resolution, an MSP in California.
- Multiple organizations that paid a combined $640,000 in Bitcoin over a two-week span in 2018, according to master MSSP Perch Security.
The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Amid those challenges, the MSP industry could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.
In response, MSP software providers and their channel partners are increasingly activating two-factor authentication as a means to stop hackers from entering systems.
Moreover, ConnectWise is launching a Technology Solution Provider Information Sharing and Analysis Organization (TSP-ISAO). The goal: Recruit and welcome all companies — including rivals — into an information sharing organization that will raise industry defenses, and thereby benefit all MSPs.
Additional insights from Joe Panettieri.