Equinix Investigates Ransomware Attack on Internal Systems Equinix, a global data center and interconnection provider, confirmed a security incident involving ransomware on some of its internal systems. The company detected the attack and took immediate action, including notifying law enforcement, while assuring customers that its data centers and service offerings including managed services remain fully operational. Equinix emphasized that the incident did not affect customer equipment or data, as most clients operate their own infrastructure within its facilities. The company stated that it is prioritizing the security of its systems and will take further steps based on its investigation. Reports from Bleeping Computer suggest the attack was carried out by the Netwalker ransomware group, which demanded $4.5 million in Bitcoin, threatening to double the ransom if unpaid. Screenshots indicate that financial records, payroll, accounting, and audit data were targeted, with potential ties to Equinix’s Australian operations. On September 16, Equinix announced that containment efforts had progressed, preventing the release of any compromised data. By September 17, the company declared the incident fully contained, with internal systems nearing full restoration. Throughout the event, Equinix maintained that customer services and data center operations remained unaffected.

Threat actors are seeking $4.5 million for a decryptor in the Netwalker ransomware attack that has targeted Equinix in order to prevent the dissemination of stolen data. An anonymous source gave BleepingComputer access to a Netwalker ransom message that was purportedly from an Equinix hack that took place over the Labour Day weekend. This note provides information on what data was obtained during the attack on Equinix as well as how Equinix was penetrated. With a link to a screenshot of allegedly stolen data, this note has a personalized message for the victim.