Over a month ago, Dish suffered a security break that knocked Dish’s website and others they owned offline. Now, Dish, Boost Mobile, Sling TV, and AirTV’s websites are all back online. This also includes Dish and Sling TV’s apps being back at 100%. But what happened, and how did Dish respond? Thanks to a Dish employee’s post on Reddit, we now know most of what happened, including the message that treated Dish employees when they turned on their computers.
According to the Dish employee, we now know what Dish did, and even though the employee didn’t confirm they worked for Dish but did confirm their parent company owns Blockbuster, which Dish owns in the Reddit post.
According to the report, Dish’s security breach started around 9 pm on the day of the attack. Overnight Dish worked hard to stop the attack and identified the infection but was unable to stop it from infecting over 10,000 windows PC. By 7:30 am, everything at Dish was shut down, and Dish was locked out including staff that was remote on Dish VPNs.
When Dish employees logged in, they found messages from the attackers informing them not to try and edit anything or their data will be corrupted.
According to Dish staff, the attack was targeting windows PC on the Dish network. The good news for Dish was that Macs running on the Dish network ended up being unaffected by this attack.
Dish reportedly declined to pay the ransom and instead rebuilt its services from backups. According to Dish employees, Dish went computer by computer to reimage them and rebuild its networks. Dish used saved backups of their servers to restore them and get them back online.
After the attack, Dish reportedly fired the company that was in charge of antivirus and security. According to Dish, well, it spotted the attack it failed to stop the attack.
Thankfully for Dish, it seems a few things saved the company. First, Dish had backups of its servers that did not get infected by the ransomware. Second, Dish used a double admin rights system that required a separate set of admin rights when installing something. It seems this second set of admin rights was not affected, allowing Dish to wipe its systems and restore to backups.
Attacks like this are very hard to stop. One employee making a mistake will open your company up to attacks like this. DISH was able to surprisingly quick get back online, considering the scale of the attack.