As a U.S. business owner, you may have heard about the recent ransomware attack on Dish Network, a major American television provider. In February, Dish was hit by a ransomware attack, and based on the information provided in data breach notification letters to impacted employees, it appears the company most likely paid a ransom to deal with the aftermath.
Though Dish didn’t directly confirm it paid, the company stated that it “received confirmation that the extracted data has been deleted.” This is a strong indication that a ransom was paid, as ransomware gangs typically only delete data or provide a decryption key after receiving payment. Even if law enforcement was able to intercept the server hosting the data, there’s no way to know for sure that a copy of the data wasn’t stored elsewhere by the threat actors without paying a ransom.
Unfortunately, paying a ransom doesn’t guarantee the complete deletion of stolen data. There have been cases where victims who paid ransoms were later subjected to further extortion, had their data sold to other threat actors, or had their information leaked on data leak sites. We reached out to a Dish Network spokesperson to confirm if they paid the ransom, but a response was not immediately available.
No customer data was affected in the incident
Here’s some good news for Dish Network customers: the company revealed in the notification letters that their customer information was not compromised during the ransomware attack in February. However, confidential records and sensitive information belonging to current and former employees (and their families) were exposed during the breach.
In data breach notification letters sent to affected individuals, Dish stated, “We have since determined that our customer databases were not accessed in this incident. However, we have confirmed that certain employee-related records and personal information (along with information of some former employees, family members, and a limited number of other individuals) were among the data extracted.”
Dish also informed the Maine Attorney General’s Office that the data breach affected 296,851 individuals, with exposed information including names and other personal identifiers combined with driver’s license numbers or non-driver identification card numbers. Additionally, the stolen files contained health insurance information and COVID-19 vaccination status.
What Were the Consequences of the BlackBasta Ransomware Assault on Rheinmetall Arms Manufacturer?
Rheinmetall confirms devastating blackbasta ransomware assault: Rheinmetall Arms Manufacturer recently fell victim to a severe cyber attack, with the BlackBasta ransomware infiltrating their systems. This malicious assault had detrimental consequences for the company, resulting in disrupted operations, compromised sensitive information, and significant financial losses. Rheinmetall now faces the daunting task of recovering their systems and reinforcing cybersecurity measures to prevent future attacks.
Attackers allegedly encrypted Dish’s VMware ESXi servers
The specific ransomware gang responsible for the incident remains unnamed, but credible sources have told us that the notorious Black Basta ransomware operation may be behind the attack. They allegedly breached Boost Mobile before infiltrating the Dish corporate network. Multiple sources familiar with the matter stated that the attack occurred in the early hours of February 23, with the assailants gaining access to Dish Network’s Windows domain controllers, subsequently encrypting VMware ESXi servers and backups, causing a massive outage that affected its websites and apps.
While we have sought to verify this information independently, no ransomware gang has openly claimed responsibility for the assault, and concrete evidence has yet to emerge to confirm the Black Basta attribution.
Since this incident, Dish has faced multiple class-action lawsuits filed across different states, alleging that the company has poor cybersecurity and IT infrastructure. One class action complaint for violations of federal securities law filed in the U.S. District Court of Colorado states, “The Company was unable to properly secure customer data, leaving it vulnerable to access by malicious third parties.”
As a business owner, this should serve as a wake-up call. It’s essential to prioritize cybersecurity and protect your company, employees, and customers from potential threats. If you’d like to learn how our team at ZZ Servers can help you strengthen your cybersecurity measures, please don’t hesitate to contact us today.
