Image: Cody Logan/ CC BY-SA 4.0

Satellite broadcasting provider and television giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that began on Friday.

As Reported computer, this widespread outage affected Dish.com, the Dish Anywhere app, Boost Mobile (a subsidiary owned by Dish Wireless), and other websites and networks owned and operated by Dish Network. Customers also reported that the company’s call center phone numbers were unreachable.

Today, Dish Network said it had “determined the outage was due to a cybersecurity incident and has notified the appropriate law enforcement authorities”, in an 8-K shape filed today with the United States Securities and Exchange Commission (SEC).

The company added that the information filed relates to its “expectations regarding its ability to contain, assess, and remediate the ransomware attack and the impact of the ransomware attack on employees, customers, businesses, operations, or company’s financial results.

Dish Network also confirmed that the threat actors stole personal information from its compromised systems, but did not say whether it belonged to its employees, customers or both.

“On February 27, 2023, the Company learned that certain data had been extracted from the Company’s information technology systems in connection with this incident. Investigation may reveal that the extracted data includes personal information,” the company added. Company.

Dish Network website is still affected by the outage and is only partially functional, with the company prominently displaying a “We are experiencing a system issue that our teams are working to resolve” message at the top of the homepage.

Unfortunately, Dish Network employees told BleepingComputer they were kept in the dark, with the company sharing little information about what was going on.

While this may be due to the ongoing investigation into the ransomware attack, Dish Network has yet to share further details besides engaging “the services of cybersecurity experts and outside advisors” and to notify the relevant law enforcement authorities of the attack.

The attack would have targeted VMware ESXi servers

Although Dish Network did not name the ransomware gang behind the incident, sources told BleepingComputer that the Black Basta ransomware operation was behind the attack, first breaching Boost Mobile, then the Dish business network.

Additionally, multiple sources told BleepingComputer that the attack happened in the early morning hours of February 23, with attackers compromising the company’s Windows domain controllers and then encrypting VMware ESXi servers and backups.

BleepingComputer was unable to independently confirm this information and no ransomware gang claimed responsibility for the attack.

Dish Network has yet to respond to multiple emails asking for more details regarding the outage and the ransomware attack behind it.