Delaware, USA – August 30, 2019 – Last weekend, another large-scale ransomware attack targeting US companies took place, and it seems that the average ransom payment will once again shoot upward this quarter. Adversaries compromised PercSoft, a cloud management provider for Digital Dental Record, which provides an online data backup service archiving medical records and other information for dental offices in the United States, and then encrypted the sensitive data of more than 400 of their customers. The companies are in no hurry to share the details, but an investigation by Brian Krebs revealed that the data was encrypted by Sodinokibi ransomware, also known as REvil, and that PercSoft and Digital Dental Record decided to pay the ransom. The exact amount of the ransom payment is unknown, but according to one of the users, the attackers demanded $5,000 for each affected customer, which is fully consistent with the appetites of the Sodinokibi gang. More than a hundred dental offices have already successfully decrypted their data, but in some cases the decryptor did not recover all the files, and in several cases it did not help at all. Earlier this month, a ransomware attack disabled 23 government agencies in Texas; according to some reports, Sodinokibi ransomware was also used in that operation, and the attackers demanded $2.5 million for decrypting the files.
Despite all the warnings and recommendations, organizations continue to pay ransoms to decrypt their data, provoking more and more attacks. Insurance companies are partly to blame for this, since in such cases they pay a large part of the demanded ransom amount, as are unscrupulous data recovery companies that cooperate with attackers, which only leads to a rapid increase in the number of attacks.
Content to detect this ransomware strain:
Sodinokibi Ransomware Detector (Sysmon Behavior)(July 2019) – https://tdm.socprime.com/tdm/info/2305/
Sodinokibi Ransomware detected – https://tdm.socprime.com/tdm/info/2212/