Dish Network recently experienced a ransomware attack that has raised questions about the possibility of a ransom payment. Analysis of the data breach notification letters sent to affected employees suggests that Dish Network may have paid a ransom, as they mentioned receiving confirmation of data deletion.
The Likelihood of a Ransom Payment:
Dish Network’s statement strongly implies that a ransom payment may have been made, as they confirm that extracted data has been deleted. Typically, ransomware gangs only delete data or provide decryption keys after receiving payment. Hence, it is highly improbable that Dish Network could receive confirmation of data deletion without having made a payment. Even if the authorities intervened and accessed the server hosting the data, there would be no guarantee that copies were not stored elsewhere by actors, demanding a ransom.
The Uncertainty of Data Deletion:
Regrettably, paying a ransom does not guarantee the complete deletion of stolen data. Disturbingly, past incidents have shown that victims who paid ransoms were subsequently subjected to further extortion, had their data sold to other threat actors, or witnessed its release on data leak sites.
Dish Network’s situation emphasizes the need for caution when dealing with ransomware attacks, as the ultimate fate of compromised data remains uncertain, even after payment.
Suspicions that the Black Basta ransomware operation may be involved
While Dish Network has not named the ransomware gang responsible for the attack, BleepingComputer suggests that the notorious Black Basta ransomware operation orchestrated the assault. On February 23, in the early hours, the assailants gained access to Dish Network’s Windows domain controllers, ultimately encrypting VMware ESXi servers and backups.
Legal Consequences and Cybersecurity Concerns
Following the ransomware attack, Dish Network has faced multiple class-action lawsuits in various states, with plaintiffs alleging poor cybersecurity practices and inadequate IT infrastructure. The lawsuits claim that the company’s failure to secure customer data left it vulnerable to malicious third-party access.
The ransomware attack on Dish Network highlights the complexities associated with ransom payments and the uncertainty surrounding data deletion, underlining the importance of robust cybersecurity measures. Dish Network’s response to the attack and subsequent inquiries will shed light on their security practices and how they intend to prevent ransomware breaches in the future.