Data center and colocation services provider Equinix this week revealed that it was the victim of a ransomware attack.
Headquartered in Redwood City, California, Equinix operates over 200 data centers across 25 countries around the world.
The incident, which the data center giant disclosed earlier this week, has only impacted some of the company’s internal systems.
According to Equinix, it was able to quickly address the security incident and its teams are currently investigating the attack. Law enforcement was alerted as well.
“Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers,” the company said.
Equinix also points out that most of its customers “operate their own equipment within Equinix data centers,” meaning that the attack did not affect their operations. Data on customer equipment at Equinix was not impacted either, the data center giant claims.
“The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation,” the company continues.
Equinix did not provide information on how the attackers were able to breach its systems, nor on the type of ransomware used, but BleepingComputer claims that the NetWalker ransomware was used.
The attackers apparently demanded a $4.5 million (455 bitcoin) ransom from Equinix, claiming they were able to download sensitive data from the company’s servers and threatening to make the data public unless the ransom was paid.
In July 2020, the FBI issued an alert on NetWalker attacks targeting businesses in the United States and abroad, explaining that the malware’s operators exploit known vulnerabilities in VPN appliances and web apps, as well as Remote Desktop Protocol connections.
With the credentials for tens of Equinix RDP servers having been sold on the dark web, it’s likely that this was the attack vector used in this incident.
“This attack once again demonstrates the importance of having security visibility into all of your company’s digital assets – both inside and outside of your perimeter. Anything that connects to your corporate infrastructure can act as an entry point for threat actors,” Hank Schless, Senior Manager, Security Solutions at Lookout, said in an emailed comment.
“Equinix is doing the right thing by putting out a statement within 72 hours, which aligns them with Article 33 of the GDPR that requires notification of a breach within that time frame. This will help minimize the long-term impacts,” Schless continued.
Jamie Hart, Cyber Threat Intelligence Analyst at Digital Shadows, commented, “Organizations need to ensure that RDP servers are secure, such as prohibiting RDP connections over the open internet, using complex passwords and multifactor authentication, limiting privileged access and minimizing the number of local administrator accounts, and using firewalls to restrict access. Also, keeping software and operating systems updated and maintaining a relevant and well-practiced response plan per your organization’s threat model is imperative. Finally, conduct regular security awareness training that includes instruction on how to spot phishing emails, how to report suspicious emails, and when to be critical of links or attachments.”