27/03/2023: The story has been updated to include Dish's statement shared with SC Media
Dish Network customers continue to grapple with service disruptions and technical issues a month after the satellite TV giant was hit by a ransomware attack.
Beginning on Feb. 23, Dish suffered a multiday outage that hamstrung customer service offerings and billing functions. In a Feb. 28 SEC filing, Dish confirmed that it was due to a cyberattack, which may have resulted in the leak of customer data.
Dish has since not released further information about the incident investigation progress but said i
on a Wednesday statement that it would still "take a little more time" to fully restore the system.
While the statement noted that the payment system is enabled and the call center capacity continues to increase daily, many customers complained they are still having payment issues and are not able to contact customer service.
Specifically, under Dish's official Twitter account, which hasn't been updated since the outage, customers expressed their frustration about long wait times for contacting customer service to fix the login problem, make bill payments, or cancel subscriptions.
"This is insane," one customer tweeted on March 18 that the estimated wait time for her call was 855 minutes.
SC Media called customer service at 1 p.m. Eastern on March 24 and was told by an automated voice message that the center was experiencing high call volume and the estimated wait time was 80 minutes.
In a statement shared with SC Media late Friday, a Dish spokesperson said that the company has restored "many of the systems," including its websites, customer care functions, self-service applications, and payment systems. It did not directly respond to the inquiry about when the system will be fully fixed and how many customers' data has been impacted.
Drew Schmitt, GRIT lead analyst at GuidePoint Security's consulting team, said that most large organizations like Dish can recover its core capability from a cyberattack within weeks, but it usually takes much longer to fully restore all functionality to pre-attack capabilities, with some taking up to almost a year.
Given that Dish includes a number of subsidiaries and unique business units, it can be even harder to homogenize technologies and controls across all business units, added Bill Bernard, AVP of Deepwatch.
Moody's Investors Services said that the cyber incident is "clearly negative" for the credit, but it has not paralyzed the company on a sustained basis so far.
"Dish Networks, and its Pay TV subsidiary Dish DBS, both have B2 Corporate Family Rating, reflecting fairly high business and financial risks. However, they have solid liquidity right now and have cash on hand to meet this year's debt maturities, so no unexpected negative impact from such a cyberattack on its rating," said Neil Begley, senior vice president for Moody's.
Begley, however, warned that if Dish failed to solve the incident in a timely manner, the company could experience subscriber losses in the short term.
Roger Grimes, a data-drive defense evangelist at KnowBe4, said that Dish should learn from the incident and establish better disaster recovery plans to defend against future attacks.
"A bad ransomware attack can be like a bomb going off, and if the damage is bad enough, it might just be the moment to use to rebuild things right from the ground," Grimes said.
"If I were the person responsible for the business continuity plan (BCP) at Dish, I would leverage this incident and the number of customers that choose to leave Dish as the justification for investment in proper BCP and the resources needed to test it" Avishai Avivi, CISO at SafeBreach, added.