Satellite TV giant Dish admitted that the recent outage was caused by a ransomware attack

Satellite
TV
giant
Dish
Network
has
confirmed
that
the
recent
outage
was
caused
by
a
ransomware
attack,
it
also
disclosed
a
data
breach.

Satellite
TV
giant
Dish
Network
finally
admitted
that
the

recent
outage
was
caused
by
a
ransomware
attack.

The
American
satellite
broadcast
provider
went
offline
on
February
24,
2023,
the
outage
impacted
Dish.com,
Dish
Anywhere
app,
and
many
other
services
owned
by
the
company.

The
company
initially
did
not
comment
on
rumors
of
a
ransomware
attack,
but
now
it
has
confirmed
the
incident
and
disclosed
a
data
breach.

According
to
a
Form 8-K
filed
by
the
company
with
US
Securities
and
Exchange
Commission
(SEC),
the
Corporation
has
determined
that
the
outage
was
due
to
a
ransomware
attack.

The
company
immediately
launched
an
investigation
into
the
incident,
which
is
still
ongoing,
and
notified
law
enforcement
authorities.

“On
February
23,
2023,
DISH
Network
Corporation
(the
“Corporation”)
announced
on
its
earnings
call
that
the
Corporation
had
experienced
a
network
outage
that
affected
internal
servers
and
IT
telephony.
The
Corporation
immediately
activated
its
incident
response
and
business
continuity
plans
designed
to
contain,
assess
and
remediate
the
situation.
The
services
of
cyber-security
experts
and
outside
advisors
were
retained
to
assist
in
the
evaluation
of
the
situation.
The
Corporation
has
determined
that
the
outage
was
due
to
a
cyber-security
incident
and
notified
appropriate
law
enforcement
authorities.”


reads
the
Form 8-K.
“On
February
27,
2023,
the
Corporation
became
aware
that
certain
data
was
extracted
from
the
Corporation’s
IT
systems
as
part
of
this
incident.
It
is
possible
the
investigation
will
reveal
that
the
extracted
data
includes
personal
information.”

At
the
time
of
this
writing
the
company
has
yes
to
disclose
the
family
of
ransomware
that
infected
its
infrastructure.

According
to
BleepingComputer,
the
company
was
a
victim
of
the

Black
Basta
ransomware
operation.

The
threat
actors
initially
compromised
the
company’s
Windows
domain
controllers
and
then
encryped
the
VMware
ESXi
servers
and
backups.

Follow
me
on
Twitter:


@securityaffairs
and


Facebook
and


Mastodon

Pierluigi Paganini

(SecurityAffairs –

hacking,
Dish)

Share
On

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts