Cyber Incident Victim: Complete Technology Solutions

Date: Nov 2019

Location: United States of America

Summary

A Colorado-based IT services provider specializing in dental practices suffered a ransomware attack compromising over 100 client offices via the Sodinokibi strain. The attackers exploited a remote administration tool used by the provider, which lacked additional authentication, enabling widespread encryption of client systems. The provider declined a $700,000 ransom demand for a universal decryption key, leading affected practices to pursue individual negotiations; some relied on off-site backups while others paid separate ransoms. Recovery efforts were complicated by multiple ransom notes and encryption keys per location, requiring repeated payments to fully restore systems. The incident highlighted broader security vulnerabilities in the dental sector, including unpatched servers, inadequate backups, and weak access controls.

Description

On or around November 25, 2019, Colorado-based IT services provider Complete Technology Solutions (CTS) suffered a ransomware attack that disrupted operations for over 100 dental practices relying on its services. The attackers deployed Sodinokibi (also known as REvil) ransomware across client networks through compromised remote administration tools CTS used to manage dental office systems. These tools reportedly did not require additional client authentication for remote connections. CTS President Herb Miner declined to discuss the incident when contacted on December 6, 2019. The ransomware encrypted files at dental practices, with the attackers demanding $700,000 from CTS for a universal decryption key, which the company did not pay. Affected dental offices experienced operational paralysis, including loss of access to patient records, billing systems, and VoIP phone services, leading to canceled appointments, financial losses, and patient dissatisfaction.

Dental practices faced complex recovery challenges due to multiple ransom notes and encrypted file extensions across their networks, requiring separate negotiations and payments for each unique decryption key. Third-party cybersecurity firm Black Talon Security assisted several CTS clients, noting one practice with 50 devices required over 20 distinct ransom payments for full recovery. Some offices utilized off-site backups while others independently negotiated with attackers, incurring additional costs beyond initial ransom demands. Industry experts observed that many affected practices exhibited poor security postures, including unpatched servers, inadequate backups, reliance solely on basic antivirus, unsegmented networks, and widespread administrator privileges with weak passwords. The attack mirrored a similar September 2019 incident targeting dental IT provider PerCSoft, affecting 400 practices, highlighting systemic vulnerabilities in dental industry IT infrastructure managed by third-party providers.