While CTS has refused to pay the ransom, some of the dental practices are attempting to negotiate with the attackers to obtain the keys needed to unlock their own data. However, even those practices that paid a ransom have recovered only a portion of their encrypted data. As a result, these covered entities have had to pay additional money for additional keys to unlock the encrypted files. One particular dental practice, which had 50 encrypted devices, received over 20 ransom notes. As a result, the practice had to make multiple payments to recover patient records.
This attack is part of a trend. Ransomware attacks on MSPS are on the rise generally. One reason is how lucrative such attacks can be: one single attack on an MSP allows the cyberattackers to attack dozens, potentially hundreds of companies – each of which it can “hold ransom” and exact ransomware payments from.
The attack on CTS makes clear the need to not only backup critical data, but illustrates the need to keep one copy of that backup stored securely offsite. Secure storage consists of storing the data on a device that is networked, and that cannot be accessed over the Internet.