Dish Network, an American television provider, is believed to have paid a ransom after suffering a ransomware attack in February. While Dish did not explicitly confirm the payment, the wording used in data breach notification letters strongly suggests that they received confirmation of the data’s deletion.
Typically, ransomware gangs only delete data or provide decryption keys after receiving a ransom.
Even if law enforcement intercepted the server hosting the data, that does not guarantee that the threat actors had not stored the stolen data elsewhere. Unfortunately, paying a ransom does not ensure the complete deletion of stolen data either: in past incidents, victims have faced further extortion or had their data sold or leaked.
Dish Network has not responded to requests for confirmation regarding the ransom payment.
Although customer data was not compromised in the incident, Dish Network discovered that confidential records and sensitive information belonging to current and former employees, as well as their families, were exposed.
The breach affected nearly 300,000 individuals, and the extracted data included personal information and identifiers such as driver’s license numbers.
While the specific ransomware gang behind the attack remains unnamed, sources indicate that the Black Basta ransomware operation orchestrated the assault. The attackers gained access to Dish Network’s Windows domain controllers and proceeded to encrypt VMware ESXi servers and backups, causing a widespread outage affecting websites and apps.
Since the incident, Dish Network has faced multiple class-action lawsuits alleging poor cybersecurity and IT infrastructure.