CryptoWall Ransomware virus takes its toll on dental practices

Ever since computers became commonplace in dental practices, computer software viruses have been an ever-present concern. The latest evolution in malicious viruses are called ransomware and as the name suggests, they hold you to ransom unless you pay money - in the form of untraceable Bitcoin - to hackers located in equally untraceable locations.

The latest CryptoWall Ransomware virus, for example, infiltrates your computer system courtesy of clicking a link in an unsolicited email. Once it downloads to your system, it quickly moves to encrypt all the files on your computer so that they are unusable; the only way to rid your system of the virus and decrypt your data is to pay a ransom. That ransom typically begins at 1 Bitcoin - or A$753.00 at time of going to press - and increases each week by the same amount until paid.

"We've seen CryptoWall infect three dental practices we have as clients," said Chris Ajaka, MD of computer consultancy Cablenet that specialises in servicing the IT requirements of dentists in Australia. "And it is nothing short of debilitating. The appointment book is no longer available, you cannot access patient records and you cannot issue a bill, claim on HICAPS or record a payment. Business quite literally stops.

"Anti-virus software doesn't protect against it and if you surf the web for a solution once all you're files are encrypted, the fix offered even by anti-virus companies is universally to pay up.

"If you're entire practice is computerised and suddenly you cannot operate, then paying a ransom of $800-odd seems a small price to get back up and running. However, the problem is that sometimes, that doesn't work. When we have clients go down with this virus who've opted not to take adequate recovery precautions, then we counsel them to pay and move forward. We've had experiences where this approach worked, but equally, on one occasion, paying the ransom did not decrypt the files. As a result, all data was lost."

Mr Ajaka said the only solution to protecting your practice against this virus or any other is to ensure you have up-to-date offsite backups of your complete system.

"For so many reasons, we cannot stress the importance of making regular back-ups," Mr Ajaka said. "As a safeguard against viruses, as protection against hard disk failure, theft of your computer system, power surges frying components, flooding, fire or some other calamity - regularly backing-up your computer system and storing the backup at a different location will save you in an emergency.

"In the case of the latest ransomware viruses like CryptoWall, they are so sophisticated that they will infect your entire network, including the Network Attached Storage (NAS) devices we recommend to our clients to use for backups, so you need to have backups stored offsite as well."

Mr Ajaka said that making offsite backups is not a new directive, however, what has changed is the ability to do so automatically over the internet.

"Making a copy of your information once or twice a week is not enough; you have to do it constantly as you can only recover from the last backup you made," he said. "Every transaction between when the backup was made and when the failure occurred will be lost. For large, busy dental practices, that can be considerable.

"You have to remember to make the backups and you have to remember to remove them from your practice. And, you have to have at least some idea about how you will use that backup to restore your computer system if a complete failure occurs. There is more to it than most people imagine and that immediately becomes clear at the worst possible time."

The solution

Mr Ajaka's sister company, CheckProtect, offers a turnkey remote backup solution starting at $375 a month (inc GST) for 500Gb of data that includes backup software, a NAS Drive, cloud storage for your data, monitoring of the backup process to ensure it is successful and telephone support.

"CheckProtect is a complete solution designed for dental practices and small business in general. We install CheckProtect software onto your system together with a NAS Drive. Every 15 minutes, the software replicates your entire server onto the NAS Drive including all software and data. Then every hour, the software replicates the NAS drive offsite via your internet connection and stores the 'disk image' in two separate secure locations for 29 days.

"The process is constant and should the computer system in your practice fail, at most, you will only ever lose anything updated in the system in the hour before the problem occurred."

Mr Ajaka said that when a problem occurs, they deliver a hard drive to your practice that you can reboot from. The hard drive includes your operating system, all applications and all data from immediately before the problem occurred. If you're in NSW, that will occur same day and anywhere else in Australia, it is an overnight service.

"Our business is focussed on servicing the IT needs of dental practices so we are well-aware of the critical role technology plays. CheckProtect is one service we offer that we would like to see greater uptake on as it's essentially an insurance policy for your information. If you have a problem, hardware can be easily replaced, but once your data is gone, it is gone.

"The solution is to automate the process and like an insurance policy, hope you never have a problem but if you do, then you will have taken precautions to mitigate its impact on your business and life."

Technical tips for preventing data loss from viruses

1. Back up your files offsite
2. Apply windows and other software updates regularly
3. Avoid clicking untrusted email links or opening unsolicited email attachments
4. Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc
5. Install a firewall, block Tor and I2P, and restrict to specific ports
6. Disable remote desktop connections
7. Block binaries running from %APPDATA% and %TEMP% paths