Gorodenkoff - stock.adobe.com

Datacentre firm Equinix investigating ransomware attack

A number of internal systems at cloud and datacentre firm Equinix have been affected by a ransomware attack

Cloud and datacentre services firm Equinix is investigating a ransomware cyber attack that has left an undisclosed number of its internal systems offline, but has moved to reassure its customers that the incident is not affecting its customers or service levels.

At the time of writing, details of the incident were thin on the ground, and there was no indication of what strain of ransomware has been used or precisely what systems were affected.

In a brief statement posted to its website on the evening of 9 September 2020, Equinix said its teams took “immediate and decisive” action to address the incident, including notifying law enforcement.

“Our datacentres and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers,” it said.

“As most customers operate their own equipment within Equinix datacentres, this incident has had no impact on their operations or the data on their equipment at Equinix.

“The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation,” said Equinix.

As other service providers such CyrusOne and Cognizant have learned to their cost, tech firms can be particularly at risk of attempts by cyber criminals to breach their systems because they frequently hold substantial amounts of their customers’ most sensitive data. If accessed by malicious actors via lateral movement, this can open up a pathway to future attacks.

With 2019 sales approaching $6bn, Equinix operates around 200 datacentres globally and supports thousands of customers including many of the world’s largest corporations, so a wider cyber attack could be devastating for its operations.

It is important to note that at this stage that given the firm’s disclosure states only internal systems are impacted in this incident, there is no indication that any data belonging to Equinix’s customers has been compromised. Nevertheless, investigating the possibility will almost certainly be a key part of its forensic probe.

Last month, the company came in for criticism after a UPS failure took out its LD8 IBX datacentre in London’s Docklands. Home to one of 11 points of presence (PoPs) for two of the London Internet Exchange (LINX) peering local-area networks (LANs), the disruption caused outages for internet service providers (ISPs), telcos, and website hosting outfits, many of which took to social media to complain about a lack of response from Equinix.

Read more about ransomware

  • As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks.
  • New research looks under the bonnet of a Dharma ransomware attack, with the ransomware's ease of use being particularly dangerous for small to medium-sized enterprises.
  • The operators of the Avaddon ransomware seem to be tooling up to leak the data of their victims in addition to holding it to ransom, Cofense researchers confirm.

Read more on Data breach incident management and recovery