Dish Network confirms data breach and reveals payment of ransom following a ransomware attack.
In February, Dish Network, an American television provider, fell victim to a ransomware attack that raised concerns about data security and the possibility of a ransom payment. While Dish Network did not explicitly confirm paying the ransom, the wording in the data breach notification letters sent to affected employees strongly implied it. This Threatfeed explores the implications of the ransomware attack, the potential ransom payment, the impact on data security, and the measures Dish Network took to address the data breach.
The response from Dish Network suggests that a ransom payment may have occurred. Dish stated that it had "received confirmation that the extracted data has been deleted," indirectly indicating that a ransom might have been paid. Ransomware gangs typically delete data or provide decryption keys only after receiving payment. This confirmation raises suspicions that Dish Network paid the ransom to ensure the data's deletion.
Paying a ransom does not guarantee the complete deletion of stolen data. Previous incidents have shown that victims who paid ransom were still subjected to further extortion, had their data sold to other threat actors, or experienced data leaks on various platforms. Therefore, Dish Network's claim of data deletion should be treated with caution, as the possibility of the data resurfacing remains a concern.
Even if law enforcement agencies could seize the server hosting the stolen data, it would be challenging, without paying the ransom, to ensure that the threat actors had not duplicated the data or stored it elsewhere. Therefore, Dish Network's assertion of data deletion without explicit confirmation from law enforcement or thorough forensic investigations raises questions about the thoroughness of the data recovery process.
Dish Network clarified that no customer data was compromised during the ransomware attack. However, confidential records and sensitive information belonging to current and former employees, as well as their families, were exposed. Dish Network's data breach notification letters confirmed that certain employee-related records and personal information, along with details of former employees, family members, and a limited number of other individuals, were among the extracted data.
The data breach affected approximately 296,851 individuals, as reported by Dish Network to the Maine Attorney General's Office. The exposed information included names and personal identifiers in combination with driver's license numbers or non-driver identification card numbers. Such sensitive information falling into the wrong hands poses a significant risk of identity theft and other fraudulent activities.
While Dish Network has not officially named the ransomware gang responsible for the attack, credible sources have suggested that the Black Basta ransomware operation orchestrated the assault. The attackers allegedly breached Boost Mobile before infiltrating Dish Network's corporate network. On February 23, the assailants accessed Dish Network's Windows domain controllers, encrypting VMware ESXi servers and backups. This caused a massive outage, impacting the company's websites and apps [3].
Although there is no open claim of responsibility from any ransomware gang, evidence gathered suggests the involvement of the Black Basta ransomware operation. However, concrete evidence is yet to emerge to confirm this attribution. It is important to note that attributing ransomware attacks can be challenging due to the complex nature of such incidents.
In the aftermath of the attack, Dish Network faced multiple class-action lawsuits filed across different states. These lawsuits alleged that Dish Network had poor cybersecurity practices and inadequate IT infrastructure, making it susceptible to such attacks. One of the class-action complaints filed in the U.S. District Court of Colorado claimed that Dish Network's inability to secure customer data violated federal securities laws.
Despite numerous inquiries from BleepingComputer seeking more details regarding the ransomware attack and the resulting outage, Dish Network has not responded. The company's silence raises questions about its transparency and its commitment to addressing the concerns surrounding the incident. It remains to be seen how Dish Network will navigate the legal consequences and strengthen its cybersecurity measures after the attack.