US broadcaster Dish Network has confirmed that hackers are behind the outages inflicted on its customers since Friday. An internal memo blames the attack on a “known threat agent.”
Late last week, news emerged that Dish was suffering network and service outages due to VPN issues, with an internal memo obtained by the media saying the outage was “caused by an outside bad actor, a known threat agent.”
According to an 8-K form filed this week with the US Securities and Exchange Commission, the broadcaster can now confirm that ransomware operators are behind the attack.
Sources close to BleepingComputer say the Black Basta ransomware crew is the culprit, first breaching Dish-owned Boost Mobile and then making their way onto the main Dish corporate network.
The threat actors compromised the company's Windows domain controllers and then encrypted VMware ESXi servers and backups, the sources told the cyber news site.
“On February 23, we experienced a cybersecurity incident that has affected some of our internal communications, customer call centers, and internet sites,” Dish reveals in a notice posted to its website.
“We immediately activated our incident response and business continuity plans to contain, assess and remediate the situation. We retained the services of cybersecurity experts and outside advisors to assist in the evaluation of the situation, and we notified appropriate law enforcement authorities,” the TV provider says.
An investigation revealed that “certain data” was extracted from its systems and that “it’s possible the investigation will reveal that the extracted data includes personal information.”
“If we learn that information was compromised, we’ll take the appropriate steps and let any impacted customers know,” the company pledges.
Dish says it is making progress on the customer service front but anticipates it will “take a little time before things are fully restored.”
DISH TV services continue to run as normal.
The hackers’ demands remain unknown at this time. So far, no Dish data has been put up for sale, or threatened to be sold in case ransom demands are not met.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 19, 2024
November 14, 2024