Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services

The cyberattackers might have potentially accessed customer information, the service provider warns.

A Feb. 23 ransomware attack is to blame for a disruption to Dish Networks internal communications capabilities, customer call centers, and Internet sites, the satellite service provider said in an SEC filing this week.
The threat actor behind the attack also accessed Dish Networks IT systems and extracted data from it that could potentially include personal information, the company said — without clarifying whether that meant employee information, customer information, or both.
Dish TV and its streaming subsidiary Slings services remain operational, as do its wireless and data networks. But the incident has affected the ability for customers to access their accounts, make payments, and reach the companys service desks, Dish said.
Were making progress on the customer service front every day, including ramping up our call capacity, Dish said in a
note to customers
on its main website, which earlier this week was inaccessible to many. But it will take a little time before things are fully restored.
Dish has hired outside cybersecurity experts and advisers to help evaluate the situation and conduct a forensic investigation of the incident. If that analysis shows the breach impacted customer information. Dish said it will notify affected customers and take appropriate action.
Dishs disclosure about the ransomware attack comes days after the company first reported a cybersecurity incident as causing a systems issue. The service disruptions that the attack caused added to already broader Wall Street concerns about the companys ability to take advantage of 5G opportunities and other issues. It at least partially contributed to a 8% decline in Dish Networks share prices this week after a
Wall Street analyst double downgraded
the companys stock.
At least six other major Internet services and utilities provides have experienced similar attacks since the beginning of 2023 according to Comparitech, which maintains a running
tracker of ransomware attacks
around the world. Rebecca Moody, head of data research at Comparitech, says that in addition to Dish, her company has confirmed ransomware attacks on South African ISP RSAWeb, Tonga Communications Corp., Águas e Energia do Porto in Portugal, Grupo Albanesi in Argentina, and US-based Encino Energy.
The attacks in 2023 come after a
rash of hits on telecom service providers
in the last few months. However, ransomware attacks on utilities providers of all types actually dropped last year — from 49 in 2021 to 38 in 2022, and the average ransom demand dropped from $27.2 million in 2021 to $14 million last year, according to Comparitech data. However, the average number of customer records impacted in these attacks saw a staggering surge — from 192,888 in 2021 to 9.8 million in 2022.
Moody says its difficult to know for sure what the ransomware attacks on services firms in January and February 2023 portend for the rest of the year. But if we compare these six attacks throughout January and February of this year to last years figures [of] two attacks in total, it would suggest hackers have started this year with a renewed focus on utilities companies, she says.
Moody says one fact that could be driving the trend is the huge effect these attacks can have on the victim company and the vast number of customers and businesses that rely on their services. Regaining control of systems as quickly as possible will be a key priority, which hackers may see as an opportunity to secure a ransom demand, Moody says.
Neil Jones, director of cybersecurity evangelism at Egnyte, says the scope of the attack on Dish Networks suggests the threat actors behind it had broad access to its systems. Generally, theres a strong correlation between the number of systems that are taken down in a cyberattack and the level of access that cyberattackers may have attained, Jones says.
In this instance, Dishs Internet sites, internal communications systems, customer call centers, and customers bill payment systems were all affected. And early reports suggested that the attack also affected systems subsidiary Boost Mobile, he says. This suggests that cyberattackers may have gained broad access to the conglomerates systems and may have compromised their environment some time ago, Jones says.
A research-based report that Ivanti released earlier this year showed that in most ransomware attacks, threat actors exploited old bugs to
gain initial access and maintain persistence
on them.
Jones adds that the seemingly broad impact of the Dish Network breach shows why network segmentation is crucial to breach containment. Most organizations dont segment their networks as meticulously as they should resulting in many recent situations where a single breach impacted the victims source code, financial data, and their customer data. So, Im confident that network segmentation will be more of an industry focus going forward, Jones says.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services