Security Sense: Lessons on Ransomware From a Dentist

I went to a new dentist today. It was a pretty slick looking place actually; very modern, minimalist furniture, some funky artwork – it kind of felt like a designer apartment showcase. That is, except for the receptionist standing behind the guy with the logo’d polo shirt sitting at the PC, both looking distressed. He was on the phone:

“Yeah, they’ve got a crypto virus. How much to reinstall [that software product they no longer have the installation media for]? Sure mate, whatever it takes.”

Should I say something? I mean should I offer some thoughts? I decide to wait and see how it pans out.

I go into one of the little rooms with the TV on the ceiling and meet the dentist. Lovely lady, but she’s had better days. I enquire if they’re having problems with their computer, just enough of a query to see how much she wants to disclose. She explains that “things are down at the moment” and proceeds to fill my mouth with devices that put the end to any line of questioning.

She and the dental assistant start having a chat:

“Remember to keep all those pieces of paper we’re writing notes on.”

They’ve gone old-school with their record keeping because as far as the machines go, it looks like they’re now all off the air. Various hand-scrawled notes sit on desktops waiting for later data entry, right next to the Windows 7 machine which is very clearly off limits at present. I’m watching some David Attenborough thing about salmon on the upside-down TV but I keep thinking about what the ingress point was for whatever is now wreaking havoc on their machines.

“Just make sure you never even open an email from someone you don’t know”, suggests the dentist.

Ah. It wasn’t clear whether this was general advice or a very polite way of accusing the assistant of having crypto’d the dental practice. Either way, she wholeheartedly agrees.

It’s just a check-up and everything is good so I’m out of the seat pretty quickly. Back at reception, IT guy is still working away at the machine. He’s got a bunch of local IP addresses scrawled on a piece of A4 next to him and he’s clearly frustrated. He turns to the reception and as if fate had conspired to allow me to be there at that precise moment to witness the question, he asks her:

“Do you have backups?”

The look on his face in response to the blank stare she gave him was a grimace worse than I imagine any dentist’s office had seen before. Someone wanders in from the back and suggests there might be some things in the cupboard doing backups. IT guy checks it out and I kid you not, responds with the following:

“They’re not turned on”

The dentist returns and mentions having seen the lights on sometime during 2015. This is riveting stuff and I kind of want to stall a bit so I can hang around and see what happens next, but I fear it’s a foregone conclusion with no happy endings. Well, maybe for IT guy is he’s on an hourly rate but even then, it’s obviously painful for him too.

I thought I’d share this as it’s the first time I’ve see the whole debacle unfold in real time in front of me and been able to watch it as a casual observer. I recently wrote a ransomware course that’s available for free if you’d like to delve into the topic a bit more but in short, there was a combination of old systems, probably out of date patch cycles, human vulnerabilities if they’re opening funky attachments and obviously an inability to restore from backups which it sounds like hadn’t even been tested. But man, that was a shiny looking office!