U.S. satellite television provider Dish confirmed that a ransomware attack is to blame for an ongoing outage and warned that intruders exfiltrated data from its systems.
The multiday outage, which began last Thursday and was confirmed by Dish on Monday, is affecting Dish’s main website, apps and customer support systems, along with the company's Sling TV streaming and wireless services.
Now, in a public filing published Tuesday, first spotted by Bleeping Computer, Dish said it had "determined that the outage was due to a cyber-security incident and notified appropriate law enforcement authorities." Dish initially blamed the outage on “internal systems issues.”
The company goes on to say that the filing relates to expectations “regarding its ability to contain, assess and remediate the ransomware attack and the impact of the ransomware attack on the corporation’s employees, customers, business, operations or financial results.”
Dish said in the filing that the attackers extracted “certain data” from its IT systems, noting that this data may include personal information. It’s unclear whether this personal information belongs to Dish employees, customers or both, and the scale of the data theft remains unclear. Dish has about 10 million customers across its streaming, satellite TV and other services.
Dish spokesperson Edward Wietecha did not immediately respond to TechCrunch’s questions.
The organization claims that while its “assessment of the impact of this incident is ongoing,” its Dish, Sling and wireless and data networks “remain operational.” That said, TechCrunch has heard from multiple Dish customers that they have had no television service since last Thursday. Dish Network's website is also still affected.
Dish also said Tuesday in its filing that its internal communications, customer call centers and internal sites remain offline as a result of the incident. Employees have reported that they have been told not to log into Dish-issued devices or corporate VPNs, effectively preventing them from working.
One employee tells TechCrunch that staff are being kept in the dark about the incident and haven’t been told when they will be able to return to work.
It's unknown who is behind the breach, and the attack has not yet been claimed by any major ransomware group. However, Bleeping Computer reports, citing sources, that the Black Basta ransomware gang is behind the attack, first breaching Boost Mobile and then the Dish corporate network.
Do you work at Dish? Do you have more information about the Dish cyberattack? You can contact Carly Page securely on Signal at +441536 853968, or by email. You can also contact TechCrunch via SecureDrop.