Ransomware led to multiple DISH Network outages
Christopher Boyd
Christopher Boyd
Satellite broadcast organisation DISH experienced a major system issue over the past week which affected multiple services. Websites and channels were unavailable, logins were non-functional, and some folks couldnât even pay their bills as a result of the downtime.
There was a suspicion that something may have gone wrong behind the scenes. This suspicion has turned out to be correct, as DISH has reported to the US Securities and Exchange Commission that a ransomware attack is responsible.
A timeline of ransomware
DISH filed an 8-K form, used to inform shareholders of major events, to explain the situation. The timeline is as follows:
February 23: DISH announces on an earnings call that a network outage affected internal servers and IT telephony. Having already determined that the outage was due to a âcybersecurity incidentâ, law enforcement was informed and security experts were brought in to assess the situation.
February 27: DISH becomes aware that data was extracted from IT systems as a result of the ransomware attack. At this point, itâs not certain if personal information is included in the extracted data.
The filing continues:
The forensic investigation and assessment of the impact of this incident is ongoing. DISH, Sling and our wireless and data networks remain operational; however the Corporationâs internal communications, customer call centres and internet sites have been affected. The Corporation is actively engaged in restoring the affected systems and is making steady progress.
At this point, DISH still canât confirm whether or not personal data has been compromised. A statement given to The Record states that customers will be contacted if this turns out to be the case.
Downtime and confusion
To give some idea of the scale of the outage, services impacted according to Silicon include some of the below::
- Dish.com
- The Dish Anywhere app
- Boost Mobile
- âOther websites and networksâ operated and owned by DISH network.
- The DISH call centre.
This is in addition to people not being able to pay bills or login. Itâs not uncommon for a business to be rendered inoperable in the aftermath of a ransomware attack. However, it is somewhat unusual to see so many services fall over simultaneously. Perhaps the scale of the attack is something to behold, or maybe the attackers just got lucky. Either way, we wonât know for certain until the investigation is concluded and findings are published.
Bleeping Computer has been told by sources that the Black Blasta ransomware operation is allegedly behind the attack, âfirst breaching Boost Mobile and then the Dish corporate networkâ. Itâs worth stressing that Bleeping Computer goes on to say that this information has not been independently, and DISH has not responded to multiple emails requesting more information. Itâs possible we may be waiting some time for additional details to be made public.
Meanwhile, TechCrunch has been informed that employees have no information about the incident and have not been told when they can return to work. This is not a great situation for anyone involved, and really speaks to the scale of impact that a ransomware outbreak can have.
How bad is the current state of play?
Customers are without various services, and the Dish website is still sporting a âThank you for your patienceâ message along with the link to a statement which includes the following message:
The security of our customersâ data is important to us, and if we learn that information was compromised, weâll take the appropriate steps and let any impacted customers know.
As a result of this incident, many of our customers are having trouble reaching our service desks, accessing their accounts, and making payments. Weâre making progress on the customer service front every day, including ramping up our call capacity, but it will take a little time before things are fully restored. DISH TV continues to operate and is up and running.
If youâre a DISH customer, you may have to wait a bit longer until things are something like approaching normal service.