The attack started on February 23rd, forcing the company to shut down portions of its IT systems, causing widespread outages among its services.
Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.
As BleepingComputer reported, this widespread outage hit Dish.com, the Dish Anywhere app, Boost Mobile (a subsidiary owned by Dish Wireless), and other websites and networks owned and operated by Dish Network. Customers have also reported that the company’s call center phone numbers were unreachable.
Dish Network first blamed the network and service outage on VPN issues, according to The Verge. However, as first reported by BleepingComputer, an internal memo sent to Dish employees and seen by us stated that the outage “was caused by an outside bad actor, a known threat agent.”
February 28th, in an 8-K form filed today with the U.S. Securities and Exchange Commission (SEC), Dish Network said it “determined that the outage was due to a cyber-security incident and notified appropriate law enforcement authorities.”
The company added that the filed information relates to its “expectations regarding its ability to contain, assess and remediate the ransomware attack and the impact of the ransomware attack on the Corporation’s employees, customers, business, operations or financial results.”
Dish Network also confirmed that the threat actors stole data from its compromised systems (potentially containing personal information) but failed to mention if it belonged to its employees, customers, or both.
“On February 27, 2023, the Corporation became aware that certain data was extracted from the Corporation’s IT systems as part of this incident. It is possible the investigation will reveal that the extracted data includes personal information,” the company added.
Dish Network’s website is still affected by the outage and is only partially functional, with the company prominently displaying a “We are experiencing a system issue that our teams are working hard to resolve” message at the top of the homepage.
Unfortunately, Dish Network’s employees have told BleepingComputer that they have been kept in the dark, with the company sharing little information about what is happening.
While this might be due to the ongoing investigation into the ransomware attack, Dish Network has yet to share further details besides hiring “the services of cyber-security experts and outside advisors’ and notifying the relevant law enforcement authorities about the attack.
Attack allegedly targeted VMware ESXi servers
Even though Dish Network didn’t name the ransomware gang behind the incident, sources have told BleepingComputer that the Black Basta ransomware operation is behind the attack, first breaching Boost Mobile and then the Dish corporate network.
Additionally, multiple sources told BleepingComputer that the attack occurred in the early morning of February 23, with the attackers compromising the company’s Windows domain controllers and then encrypting VMware ESXi servers and backups.
BleepingComputer has not been able to independently confirm this information and no ransomware gang has claimed responsibility for the attack.
Dish Network has yet to reply to multiple emails requesting more details regarding the outage and the ransomware attack behind it.