IT Services: Dish Network Likely Paid Ransom After Ransomware Attack

IT Services provider Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February based on the wording used in data breach notification letters sent to impacted employees. While it didn’t directly confirm it paid, Dish implied as much by saying that it “received confirmation that the extracted data has been deleted.”

Ransomware gangs only delete data or provide a decryption key after a ransom is paid, meaning that it is highly unlikely that Dish could receive confirmation that the stolen data was deleted without paying. Even if law enforcement was able to intercept the server hosting the data, there would be no way of knowing that a copy of the data was not also stored elsewhere by the threat actors without paying a ransom.

Unfortunately, paying a ransom does not guarantee the complete deletion of stolen data. Past incidents have demonstrated that victims who paid ransoms were subsequently subjected to further extortion weeks later, had their data sold to other threat actors, or had it leaked on data leak sites. Dish Network was contacted to confirm if they paid the ransom but a response was not immediately available.

No Customer Data Affected

The company also revealed in the notification letters that customer information was not compromised during the ransomware attack that hit its network in February. However, Dish discovered that confidential records and sensitive information belonging to current and former employees (and their families) had been exposed during the breach.

We have since determined that our customer databases were not accessed in this incident,” the company revealed in data breach notification letters sent to affected individuals. “However, we have confirmed that certain employee-related records and personal information (along with information of some former employees, family members, and a limited number of other individuals) were among the data extracted.”

Dish also informed the Maine Attorney General’s Office that the data breach had affected 296,851 individuals, with the exposed information including name and other personal identifiers in combination with driver’s license numbers or non-driver identification card numbers. Dish confirmed in an 8-K form filed with the U.S. Securities and Exchange Commission (SEC) on February 28 that the attackers stole data (potentially containing personal information) but didn’t reveal if it belonged to its employees, customers, or both.

How Can DDoS Attacks and Data Breach Threats Impact Companies’ Cybersecurity?

Companies worldwide are increasingly concerned about the impact of DDoS attacks and data breach threats on their cybersecurity. With switzerland cybersecurity threats loom, organizations are taking proactive measures to protect sensitive data and prevent devastating consequences. Cyberattacks can disrupt operations, tarnish reputation, and lead to significant financial losses. Investing in robust cybersecurity measures and staying informed about emerging threats are crucial for businesses to safeguard their digital assets and maintain trust with stakeholders.

Attackers Allegedly Encrypted Dish’s VMware ESXi Servers

Although the specific ransomware gang responsible for the incident remains unnamed by the company, credible sources indicate that the notorious Black Basta ransomware operation orchestrated the assault, initially breaching Boost Mobile before infiltrating the Dish corporate network.

According to multiple sources familiar with the matter, the attack occurred in the early hours of February 23. The assailants reportedly gained access to Dish Network’s Windows domain controllers, subsequently encrypting VMware ESXi servers and backups, causing a massive outage that affected its websites and apps.

While we have sought to verify this information independently, no ransomware gang has openly claimed responsibility for the assault, and concrete evidence is yet to emerge to confirm the Black Basta attribution.

Since the incident, the satellite broadcast provider has been slapped with multiple class-action lawsuits filed across different states alleging that Dish has poor cybersecurity and IT infrastructure. “The Company was unable to properly secure customer data, leaving it vulnerable to access by malicious third parties,” states a class action complaint for violations of the federal securities law filed in the U.S. District Court of Colorado.

We reached out to Dish Network for comment, but they have not responded to our inquiries about the outage and the underlying ransomware attack.

Leave a Reply

Your email address will not be published. Required fields are marked *