American television provider, Dish Network, suffered a ransomware attack in February, and probably paid the ransom, according to Bleeping Computer. Although Dish did not directly confirm that they paid the ransom, they did confirm that the stolen data had been deleted.
“Ransomware gangs only delete data or provide a decryption key after a ransom is paid, meaning that is highly unlikely that Dish could receive confirmation that the stolen data was deleted without paying.” (Bleeping Computer).
Paying ransom to hackers and cyber criminals is not a recommended means of damage control after a ransomware attack has occurred. There is no guarantee that the data will actually be returned or deleted after the ransom is paid.
The Dish ransomware attack affected 300,000 people (about half the population of Wyoming). Customer databases were unaffected, but employee records were compromised. Driver's license numbers were among the different types of data stolen.
An outage of services for customers is what initially brought the attack to light.
“While Dish confirmed that ransomware was the cause of the multi-day outage days later, TechCrunch learned that the company had kept both customers and employees in the dark about the incident and the safety of their data.” (Tech Crunch).
Did Dish do right by their employees and their customers not only by paying the ransom, but also by keeping secrets? Absolutely not. With the increasing number of ransomware attacks occurring, it is increasingly important for companies to not only have proper precautions, but proper post-attack policies as well.
Paying cyber criminals ransoms never guarantees whatever they are promising. Dish has no idea whether the data has truly been deleted or not.
“Since the incident, the satellite broadcast provider has been slapped with multiple class-action lawsuits filed across different states alleging Dish has poor cybersecurity and IT infrastructure. ‘The Company was unable to properly secure customer data, leaving it vulnerable to access by malicious third parties,’ states a class action complaint for violations of the federal securities law filed in the U.S. District Court of Colorado.” (Bleeping Computer).
Avoid lawsuits like this for your company by having top notch cyber security procedures crafted by professionals. Don’t be like Dish.
Want to learn more about improving cyber security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida, Roanoke, Virginia, and Raleigh, North Carolina. Service offerings include I.T. support, cyber-security and compliance, cloud-based POS systems and support, telephony, cloud services, cabling, access control, and camera systems. Our company’s mission is to provide world-class customer service through industry leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.
Sources:
Bleeping Computer. https://www.bleepingcomputer.com/news/security/dish-network-likely-paid-ransom-after-recent-ransomware-attack/