The infamous Netwalker hacking group this week breached the security layers of data center giant Equinix and encrypted the data of its clients.
A source shared the Netwalker ransom note with BleepingComputer, revealing that the attack occurred over the Labor Day holiday weekend. An accompanying screenshot shows the encrypted/stolen data includes folders of financial information, payroll, accounting, audits, and data center reports.
Most of the data belongs to Equinix’s Australian customer base, the images suggest. The Netwalker gang demands a $4.5 million ransom to restore the data, and threatens to double it to $9 million and even publish the data if their demands are not met.
The data center giant this week acknowledged the incident and provided the following statement to the media:
“Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems. Our teams took immediate and decisive action to address the incident, notified law enforcement and are continuing to investigate. Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers. Note that as most customers operate their own equipment within Equinix data centers, this incident has had no impact on their operations or the data on their equipment at Equinix. The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation.”
BleepingComputer reached out to security researcher Vitali Kremez about the attack and learned that Equinix has no less than 74 remote desktop servers and associated login credentials being auctioned in hacker forums on the dark web.