Dish Network Confirms Outage Was Due To Ransomware Attack

American television provider and broadcast satellite provider Dish Network has confirmed what was behind a damaging outage that began last week.

In a statement Dish confirmed that a ransomware attack was the cause of a multi-day network and service outage that began last Friday.

The outage badly impacted the business, knocking offline Dish.com, the Dish Anywhere app, Boost Mobile (owned by Dish Wireless), and other websites and networks owned and operated by Dish Network. The firm’s call centre operation was also said to be unreachable.

Ransomware attack

Now in the statement, Dish has confirmed the outage was down to hackers, and that data has likely been compromised.

“On February 23, we experienced a cybersecurity incident that has affected some of our internal communications, customer call centres, and internet sites,” said the US firm. “We immediately activated our incident response and business continuity plans to contain, assess and remediate the situation. We retained the services of cybersecurity experts and outside advisors to assist in the evaluation of the situation, and we notified appropriate law enforcement authorities.”

“On February 27, we became aware that certain data was extracted from our IT systems as part of this incident,” Dish noted. “It’s possible the investigation will reveal that the extracted data includes personal information.”

However it did not state whether the stolen data belonged to its staff, customers, or both.

“The forensic investigation and assessment of the impact of this incident is ongoing,” it added.

“As a result of this incident, many of our customers are having trouble reaching our service desks, accessing their accounts, and making payments,” said Dish. “We’re making progress on the customer service front every day, including ramping up our call capacity, but it will take a little time before things are fully restored. Dish TV continues to operate and is up and running.”

Who dun it?

Dish did not reveal the identity of the ransomware gang responsible, but sources have reportedly told BleepingComputer that the Black Basta ransomware operation is behind the attack.

The hackers reportedly first breached Boost Mobile and then the Dish corporate network.

Additionally, multiple sources told BleepingComputer that the attack occurred in the early morning of 23 February, with the attackers compromising the company’s Windows domain controllers and then encrypting VMware ESXi servers and backups.

BleepingComputer reported that it has not been able to independently confirm this information and no ransomware gang at the time of writing has claimed responsibility for the attack.