File this one under Ironic. PercSoft, the online cloud storage company for Digital Dental Records (DDR), which offers DDS Safe, a backup service used by dental offices, was hit by ransomware. DDS Safe is a HIPAA-compliant online dental backup service used by hundreds of dental practices across the US. The ransomware involved in the attack is called Sodinokibi, also known as Sodin or REvil.
The article states that ransomware had been deployed on the remote management software their application uses to back up client data. The hackers were able to exploit a recently patched Oracle WebLogic Server vulnerability. Oracle WebLogic Server is a Java EE application server used for many web applications and portals.
Oracle Security Alert Advisory – CVE-2019-2725 https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
The hackers could exploit this vulnerability remotely and execute commands without authorization (no credentials) by sending a specially crafted HTTP request. The vulnerability had a CVSS score of 9.8/10, and Oracle addressed the flaw on April 26 by releasing an out-of-band update.
The ransom was paid, a tool was provided, and the files were decrypted. Having a well-designed patch management process is crucial in reducing vulnerabilities. The question is: can you stay one step ahead of the hackers?
https://securityaffairs.co/wordpress/90570/malware/dds-safe-ransomware-attack.html
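Since the post stresses patch management and an unauthenticated crafted HTTP request, here is an added defender-side example (not from the original post or any linked article) that scans constructed web-server access-log lines for requests to the two WebLogic web components named in Oracle's CVE-2019-2725 workaround and checks an installed version against the release trains the alert lists. The endpoint prefixes and affected versions are taken from the Oracle alert as I remember it, not from this thread, so verify them against the linked advisory; the log lines, IPs and timestamps are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in NCSA combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Sep/2019:08:15:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Sep/2019:08:15:09 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 48 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2019:08:16:30 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Sep/2019:08:17:41 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1103 "-" "Mozilla/5.0"
"""

# Fields we need from each access-log line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# URL prefixes served by the two web components Oracle's workaround says to remove or
# access-restrict (wls9_async_response.war -> /_async/*, wls-wsat.war -> /wls-wsat/*).
# Assumption: taken from the Oracle alert, not from this thread.
SUSPECT_PREFIXES = ("/_async/", "/wls-wsat/")

# Release trains the alert lists as affected; an install on one of these without the
# April 26 out-of-band patch is exposed. Assumption: from the alert, verify before use.
AFFECTED_VERSIONS = {"10.3.6.0.0", "12.1.3.0.0"}


def find_suspect_requests(log_text):
    """Return (ip, timestamp, path, status) for every POST to a vulnerable endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        if m["method"] == "POST" and m["path"].startswith(SUSPECT_PREFIXES):
            hits.append((m["ip"], m["ts"], m["path"], int(m["status"])))
    return hits


def sources_by_count(hits):
    """Count flagged requests per client IP so repeat sources stand out."""
    return Counter(ip for ip, _, _, _ in hits)


def is_affected_version(version):
    """True if the given WebLogic version string is one the alert lists as affected."""
    return version.strip() in AFFECTED_VERSIONS
```

In a real deployment, any hit against these prefixes on an unpatched server is worth an incident ticket, and the simplest mitigation is the one in the alert: patch, and remove or firewall the two components if they are not needed.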
What is Network Encryption?
For my folks with a non-technical background, this is something related to what we discussed in our last class. The article listed here talks about the importance of network encryption. Although we don’t realize it, it plays a really important part every time we go online, whether it be accessing bank information or browsing through websites. It goes on to explain what an encryption key is and the algorithms behind it, along with the keys that SSL encryption depends on. I will try to hunt down the article about the strong encryption method that requires a ton of computing power (I think it was RSA).
https://www.lifewire.com/introduction-to-network-encryption-817993
Oops. I meant to post the article, but it looks like it posted to Andrew’s original post.
Andrew – I had read about this a little while ago and it’s super interesting. They actually ended up paying the ransom (the FBI suggested not to pay the ransom because it would encourage others to do so). I read in one of the articles that most of the time it’s easier to pay the $$$ because the deductible is low and the insurance provider ends up coughing up the money. It’s cheaper than covering the cost of the data that was lost. This KrebsOnSecurity article talks a little bit about that:
https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/
Jaimin, this is a good point. With the traditional computers we have today, guessing or cracking encryption keys is extremely slow, mathematically possible but not practical in reality. If a system holds line-of-business software and data an organization relies on, they really don’t have much of a choice: pay the ransom or close the business.
However, I do want to point out that even if an organization pays the ransom and the data is decrypted, how does anyone ensure there was no additional ransomware left behind? How does anyone ensure the decrypted data will never be encrypted again in the future by the same ransomware, through a backdoor left open by the ransomware that encrypted the data the first time?
In addition, the organization might start regular backups and start implementing Business Disaster Recovery plans and technologies after such an attack, but the backdoor left open might very well become the baseline of the backups. In short, the backups will be compromised as well.
Ransomware is designed to hold data for ransom: once, or for a lifetime?