Security Experts:

Connect with us

Hi, what are you looking for?



Data Center Provider Equinix Hit by Ransomware

Data center and colocation services provider Equinix this week revealed that it was the victim of a ransomware attack.

Headquartered in Redwood City, California, Equinix operates over 200 data centers across 25 countries around the world.

Data center and colocation services provider Equinix this week revealed that it was the victim of a ransomware attack.

Headquartered in Redwood City, California, Equinix operates over 200 data centers across 25 countries around the world.

The incident, which the data center giant disclosed earlier this week, has only impacted some of the company’s internal systems.

According to Equinix, it was able to quickly address the security incident and its teams are currently investigating the attack. Law enforcement was alerted as well.

“Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers,” the company said.

Furthermore, Equinix points out that most of its customers “operate their own equipment within Equinix data centers,” meaning that the attack did not affect their operations. Furthermore, data on customer equipment at Equinix was not impacted either, the data center giant claims.

“The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation,” the company continues.

Equinix did not provide information on how the attackers were able to breach its systems, nor on the type of ransomware used, but BleepingComputer claims that the NetWalker ransomware was used.

The attackers apparently demanded a $4.5 million (455 bitcoin) ransom from Equinix, claiming they were able to download sensitive data from the company’s servers and threatening they would make the data public unless the ransom is paid.

In July 2020, the FBI issued an alert on NetWalker attacks targeting businesses in the United States and abroad, explaining that the malware’s operators exploit known vulnerabilities in VPN appliances and web apps, and Remote Desktop Protocol connections.

With Equinix having the credentials for tens of RDP servers sold on the dark web, it’s likely that this was the attack vector used in this incident.

“This attack once again demonstrates the importance of having security visibility into all of your company’s digital assets – both inside and outside of your perimeter. Anything that connects to your corporate infrastructure can act as an entry point for threat actors,” Hank Schless, Senior Manager, Security Solutions at Lookout, said in an emailed comment.

“Equinix is doing the right thing by putting out a statement within 72 hours, which aligns them with Article 33 of the GDPR that requires notification of a breach within that time frame. This will help minimize the long term impacts,” Schless continued.

Jamie Hart, Cyber Threat Intelligence Analyst at Digital Shadows, commented, “Organizations need to ensure that RDP servers are secure, such as prohibiting RDP connections over the open internet, using complex passwords and multifactor authentication, limiting privileged access and minimizing the number of local administrator accounts, and using Firewalls to restrict access. Also, keep software and operating systems updated and maintain a relevant and well-practiced response plan per your organization’s threat model is imperative. Finally, conduct regular security awareness training that includes instruction on how to spot phishing email, how to report suspicious emails, and when to be critical of links or attachments.”

Related: FBI Warns of NetWalker Ransomware Targeting Businesses

Related: UCSF Pays Cybercriminals $1.14 Million to Recover Files After Ransomware Attack

Related: Ransomware Operators Claim They Hacked Printing Giant Xerox

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.