Data Center and Colocation Services Provider Equinix Hit by Ransomware


This week’s data centre and colocation services provider Equinix announced it’s been the target of a ransomware attack.

Equinix is based in Redwood City , California, and operates more than 200 data centres across 25 countries worldwide.

The incident, revealed earlier this week by the data centre giant, has only affected some of the company’s internal networks.

Equinix said it was able to deal with the security incident quickly and its teams are currently investigating the attack. Law enforcement has been warned, too.

“Our data centres and our systems, including managed services, remain fully operational, and our ability to support our customers has not been disrupted by the incident,” the firm said.

In addition, Equinix points out that most of its customers “operate their own equipment inside Equinix data centres,” which means their operations were not disrupted by the attack. In addition , data on Equinix ‘s customer infrastructure has not been affected either, the data centre claims giant.

“Based on the results of our review, data security in our systems is always a top priority and we intend to take the necessary actions as needed,” the company continues.

Equinix did not provide information on how the attackers could crack their systems or the type of ransomware used, but BleepingComputer believes that the ransomware was used by NetWalker.

The attackers reportedly requested an Equinix ransom of $4.5 million (455 bitcoin), saying they could retrieve confidential data from the company’s servers and threatening to make the data public unless the ransom is charged.

In July 2020, the FBI released a warning about NetWalker attacks targeting companies in the U.S. and abroad, stating that operators of the malware exploit established weaknesses in VPN apps and web applications, and connexions to Remote Desktop Protocol.

With Equinix having the credentials for tens of RDP servers sold on the dark web, the attack vector used in this incident is likely to be the one.

“This attack illustrates once again the importance of having visibility of protection in all the digital assets of your company-both inside and outside your perimeter. Anything that connects to your corporate infrastructure will serve as a point of entry for threat actors, “said Hank Schless, Senior Manager, Lookout Security Solutions, in an emailed statement.

“Equinix does the right thing by issuing a statement within 72 hours which aligns them with Article 33 of the GDPR requiring notification of an infringement within that timeframe. This will help mitigate impacts over the long term, “Schless added.

Jamie Hart, Digital Shadows Cyber Threat Intelligence Analyst, commented, “Organizations need to ensure their RDP servers are protected, such as banning open internet RDP connexions, using complex passwords and multifactor authentication, restricting privileged access and reducing the number of local administrator accounts, and using Firewalls to limit access. It is also imperative to keep updated software and operating systems, and to develop a specific and well-practiced response plan according to the threat model of your company. Lastly, routine safety awareness training that provides advice on how to spot phishing emails, how to handle suspicious emails, and when to condemn links or attachments.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.