Sponsored Content
In the spring of 2021, US-based Colonial Pipeline was the victim of a devastating ransomware attack. This attack was launched against our infrastructure by a group based in Russia (called Dark Side), forcing Colonial to shut down over 5,500 miles of pipeline in the US. Two days prior to Colonial being hit, Black Talon Security was called in to spearhead a breach response for an orthodontic group that had also been successfully targeted by Dark Side. Drawing the correlation between these two events is important — it is critical for DSO organizations to understand who and what they are up against. The criminal enterprises that target entities like the US Government, US military, US infrastructure, etc. are often the same groups that are targeting you. There is no such thing as a happy ending following a ransomware attack; however, the Colonial event ended up being the catalyst for an international collaborative effort between government agencies, which managed to track and crash the cryptocurrency accounts owned by Dark Side. Great fanfare was made about this collaborative effort . . . but the celebration didn’t last long.
In January 2022, Black Talon Security received a call from a small (6-office) DSO, asking for assistance with a suspected ransomware event that had just been discovered in all 6 of their locations. It didn’t take long for our forensic investigators to recognize the fingerprints of another Dark Side attack. How could this have happened if Dark Side had been shut down and “on the run”? As it turned out, in the 6 months that they went “silent” they simply rebranded themselves as a new group called Black Cat and released an even more dangerous and sophisticated attack. The ransom demand for this new attack was much higher than what Dark Side historically demanded. It seems that their plan is to recoup every dollar that they lost after investigative agencies successfully tracked and wiped their crypto accounts. Prior to the release of Black Cat, a typical ransom demand for a 6-location practice would have been in the $200,000 – $600,000 range. Even we were shocked to discover that Black Cat was demanding $2.4 million to release the decryption key in order for this practice to recover their data. The ransom demand was only a portion of the cost of this attack. All 6 locations had to rebuild/replace their office networks and all 6 had to lock their doors for 10 business days. You may be asking yourselves questions like, “Didn’t they have backups? Didn’t they have firewalls and anti-virus software running?” The answer is yes to both questions. They had redundancy in place with their backup solution and every location had a firewall and anti-virus software running. They also worked with a large and reputable IT provider.
Black Talon Security has been involved in a high number of breach response cases in the dental industry, and in almost every case, the targeted practices had firewalls and anti-virus software and worked with an IT provider. Anti-virus software has been a powerful and effective tool for decades, but it is not designed to fend off a modern-day ransomware attack. Firewalls are still very important and necessary, but only if they are configured properly and ZERO vulnerabilities exist. Great IT providers or Managed Service Providers (MSPs) are worth their weight in gold, but they are not cybersecurity specialists. Advanced cybersecurity is not their area of responsibility.
How Does a DSO Better Protect Themselves in 2022?
Continued threats and debilitating new attacks require more sophisticated preventative measures. One new and powerful change that an organization can make is to consider upgrading their anti-virus solution to Endpoint Detection and Response (EDR). There are multiple options available on the market. An even better solution would be upgrading to Extended Detection and Response (XDR). It won’t be long before insurance companies will require that this new technology is installed on a network before determining the insurability of a new or existing client.
It is more important than ever before to engage with a dedicated cybersecurity company. Any company that you engage with should have licensed, credentialed security experts on staff. A vCISO or CISSP has years of training and experience in the cybersecurity field, and credentialing only happens after a rigorous board certification process is completed. Most of the hacking groups that exist today, and that are targeting DSOs, have people on their staff who have achieved this level of knowledge. Not relying on specialists is akin to “Bringing a Knife to a Gun Fight.” Even if you have an internal security team, it never hurts to test your systems and the processes that you currently have in place.
Gary Salman, CEO of Black Talon, will be participating in a panel discussion at the ADSO Summit on March 31st from 11:45am – 12:30pm: “Top Industry IT Challenges and How to Solve Them”.
Stop by Black Talon’s booth (#609) at the ADSO Summit.
If you are unable to attend, please contact us at 800-683-3797 or visit us at www.blacktalonsecurity.com to learn how we can help protect your DSO.