In a short blog post updated on its website last Wednesday, September 9, 2020, data center giant Equinix acknowledged that it had suffered from a ransomware attack that stemmed from a security incident. The attack reportedly affected the company’s internal systems, reports CRN.
Equinix is a company that offers a wide range of data center services as well as networking systems to clients. It is currently providing its list of services to more than 50 locations around the globe, with customers primarily using their services to colocate equipment or to connect with other ISP and network providers, notes BleepingComputer.
In a statement, Equinix said, “Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers.”
According to CRN, the ransomware attack occurred over Labor Day weekend, with the attacker called Netwalker demanding a massive $4.5 million ransom or a 455 bitcoin to prevent the stolen data from being released on the Internet.
If payment has not been made by the said date, Netwalker demands double the amount to be paid.
In attempts to prove its leverage against the company, BleepingComputer reports that the attacker attached a screenshot that has been supposedly taken from the Equinix with a note saying, “Look at this screenshot. If you do not contact us we will publish your data to public access.”
The attacker also warned the firm that it had three days to communicate prior to disclosing the incident to the public.
The screenshot contained a variety of folders. Some of the information supposedly held in the folders include data center reports, accounting information, financial details, audits, and payroll information.
BleepingComputer said that the folder names also gave reference to the company’s data centers and engineers in Australia, which may indicate that its Australian offices may have also been compromised by the incident.
In an exclusive statement obtained by BleepingComputer from Vitali Kremez from Advanced Intel, among the compromised remote desktop servers and login credentials currently being sold in hacking sites and other private transactions include those coming from Australia, Brazil, and Turkey.
Following the ransomware attack, Equinix has launched an investigation on the security incident. The company promises to disclose more details in the future.
Despite the ransomware attack, Equinix maintains that it remains fully operational to the public. As of writing, ZD Net notes that there are no signs that the company is trying to cover up the security incident. There are also still no customer complaints on social media channels.