Equinix Ransomware Attack Hits Company’s Internal Systems

A security incident at Equinix has resulted in ransomware getting into some of the data center colocation giant’s internal systems.

Equinix acknowledged the ransomware attack in a blog post at 12:45 a.m. ET Thursday, and said the company’s data centers and service offerings remain fully operational. The Redwood City, Calif.-based company said its team took immediate and decisive action to address the attack, notified law enforcement and is continuing to investigate.

“The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation,” Equinix said in the blog post.

[Related: CyrusOne Ransomware Attack Whacks Six Managed Service Clients]

The attack had no impact on customer operations or the data on their equipment at Equinix since most customers operate their own equipment within the company’s data centers, according to Equinix. Similarly, Equinix said the attack hasn’t impacted the company’s ability to support or deliver managed services to its customers.

Equinix didn’t disclose who was responsible for the attack or whether a ransom was demanded. However, BleepingComputer reported Thursday that Netwalker carried out the ransomware attack and demanded a $4.5 million ransom to prevent the release of stolen data. Equinix didn’t respond to a CRN request for comment.

The ransomware attack occurred over Labor Day weekend, and Netwalker included a link to a screenshot of data that had been allegedly stolen from Equinix in its ransom note, BleepingComputer reported. The names of the folders captured in Netwalker’s screenshot indicate that the files contain financial information, payroll, accounting, audits and data center reports, BleepingComputer said.

The latest timestamp on the screenshotted folders is Sept. 7, BleepingComputer reported, which aligns with the claim that the ransomware attack occurred over Labor Day weekend. The ransom note includes a link to the Netwalker Tor payment site that shows a ransom demand of 455 bitcoin, or $4.5 million. If the payment wasn’t made by a certain time, Netwalker threatened to double the ransom to $9 million.

Advanced Intel’s Andariel intelligence platform found 74 Equinix remote desktop servers and login credentials being sold in hacker marketplaces and private sales, BleepingComputer reported. Most of those remote desktop servers are concentrated in Australia, Turkey and Brazil, BleepingComputer said. Exposed remote desktop servers a common entry point for threat actors.

The Equinix ransomware attack comes nine months after six New York-area managed service customers of data center provider giant CyrusOne were affected by a ransomware attack. The managed service clients experienced availability issues due a ransomware program encrypting certain devices in their network, CyrusOne said in December 2019.

The CyrusOne attack was caused by a version of the REvil (Sodinokibi) ransomware, ZDNet reported in December 2019.

Equinix has been active this year, acquiring bare metal automation startup Packet in January to create a new offering that allows businesses to rapidly deploy digital infrastructure while also bolstering its edge computing capabilities. The company said in May that its data centers remained operational during COVID-19 since local governments had identified them as essential businesses or critical infrastructure.

Then in June, Equinix paid $750 million to acquire 13 Canadian data centers from Bell Canada, which is expected to generate more than $100 million in annual revenue and open gateways for North America to Asia and Europe. And in August, Equinix earned Google Cloud Premier Partner status, a nod to seven years of partnership as well as Equinix hosting 35 percent of the world’s on-ramps to Google Cloud.

Leave a Reply

Your email address will not be published. Required fields are marked *