Satellite TV giant Dish Network has confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen as part of the incident.
Dish started experiencing problems last week, when its websites, applications and various other services became unavailable. People immediately started to speculate that the issues may be caused by a cyberattack, but the company initially did not confirm reports, describing it as an internal outage.
However, Dish confirmed in a filing with the US Securities and Exchange Commission (SEC) on Tuesday that it was indeed targeted in a cyberattack, specifically a ransomware attack.
The incident was first announced on February 23 and an investigation revealed on February 27 that certain types of data were exfiltrated from the company’s IT systems.
“It is possible the investigation will reveal that the extracted data includes personal information,” Dish said in the SEC filing.
A forensic investigation is ongoing. External cybersecurity experts have been called in and law enforcement has been notified.
“Dish, Sling and our wireless and data networks remain operational; however the Corporation’s internal communications, customer call centers and internet sites have been affected. The Corporation is actively engaged in restoring the affected systems and is making steady progress,” the company said.
Dish shares have been on a downward trajectory since rumors of a possible hack started circulating.
SecurityWeek has checked the websites of several major ransomware groups, but has not seen any mention of Dish.
However, Bleeping Computer reported that the ransomware group Black Basta is behind the attack.
The Black Basta operation, which has been highly active, has been linked to a well-known Russian cybercrime group called FIN7.
Related: Ransomware Attack Hits US Marshals Service
Related: Ransomware Attack Forces Produce Giant Dole to Shut Down Plants
Related: Ransomware Attack Pushes City of Oakland Into State of Emergency