Dish Network has now confirmed that the cybersecurity incident it suffered earlier this week was, in fact, a ransomware attack.
After initially describing the disruption as an “internal systems issue”, and a “VPN issue”, the new public filing with the SEC sheds more light on the incident.
In the filing, the TV giant said the disruption was “due to a cyber-security incident and notified appropriate law enforcement authorities,” and goes on to describe the expectations “regarding its ability to contain, assess and remediate the ransomware attack and the impact of the ransomware attack on the corporation’s employees, customers, business, operations or financial results.”
Dish data stolen
The filing also says that the threat actors stole “certain data” from the company, personal information possibly included. However, Dish did not specify if the information belongs to its customers, corporate clients, employees, or a combination. It also did not specify the amount of the data the hackers stole.
The notification about the incident is still visible on Dish’s website, and while it claims that Dish, Sling, and wireless and data networks “remain operational”, the media reported how at least some of its customers could not use the TV service since last Thursday.
Customer call centers, as well as internal sites, are still offline. Employees were told not to log into corporate VPNs and services, meaning they can’t work. At press time, it was still unknown when Dish’s employees would get back to work.
A ransomware group is yet to claim responsibility for the attack, or offer any data for auction or sale. This could also mean that the attackers are currently negotiating their ransom demand, or are simply waiting for the demand timer to run out before posting their spoils online.
While it’s impossible to confirm the identity of the group behind the attack at this point, BleepingComputer has said its sources told it that it was Black Basta who disrupted Dish’s services.
- These are the best firewalls today