American television provider and broadcast satellite provider Dish Network has confirmed what was behind a damaging outage that began last week.

In a statement Dish confirmed that a ransomware attack was the cause of a multi-day network and service outage that began last Friday.

The outage badly impacted the business, knocking offline Dish.com, the Dish Anywhere app, Boost Mobile (owned by Dish Wireless), and other websites and networks owned and operated by Dish Network. The firm’s call centre operation was also said to be unreachable.

Ransomware attack

Now in the statement, Dish has confirmed the outage was down to hackers, and that data has likely been compromised.

“On February 23, we experienced a cybersecurity incident that has affected some of our internal communications, customer call centres, and internet sites,” said the US firm. “We immediately activated our incident response and business continuity plans to contain, assess and remediate the situation. We retained the services of cybersecurity experts and outside advisors to assist in the evaluation of the situation, and we notified appropriate law enforcement authorities.”

“On February 27, we became aware that certain data was extracted from our IT systems as part of this incident,” Dish noted. “It’s possible the investigation will reveal that the extracted data includes personal information.”

However it did not state whether the stolen data belonged to its staff, customers, or both.

“The forensic investigation and assessment of the impact of this incident is ongoing,” it added.

“As a result of this incident, many of our customers are having trouble reaching our service desks, accessing their accounts, and making payments,” said Dish. “We’re making progress on the customer service front every day, including ramping up our call capacity, but it will take a little time before things are fully restored. Dish TV continues to operate and is up and running.”

Who dun it?

Dish did not reveal the identity of the ransomware gang responsible, but sources have reportedly told BleepingComputer that the Black Basta ransomware operation is behind the attack.

The hackers reportedly first breached Boost Mobile and then the Dish corporate network.

Additionally, multiple sources told BleepingComputer that the attack occurred in the early morning of 23 February, with the attackers compromising the company’s Windows domain controllers and then encrypting VMware ESXi servers and backups.

BleepingComputer reported that it has not been able to independently confirm this information and no ransomware gang at the time of writing has claimed responsibility for the attack.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

2 mins ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

2 hours ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 hours ago

Amazon Workers In Coventry Fail To Form Union

Amazon workers in Coventry lose union recognition ballot by just a handful of votes, amid…

7 hours ago

US Considers Further Chip Restrictions For China – Report

Stop supplying Beijing. US tells allied chip tech firms it is mulling the most severe…

8 hours ago