[Records Exposed: Undisclosed | Industry: Internet | Type Of Attack: Ransomware]
Equinix is the latest victim in a long line of ransomware targets. The data center and colocation service provider released a short statement on September 9 that read,
“Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems. Our teams took immediate and decisive action to address the incident, notified law enforcement and are continuing to investigate. Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers. Note that as most customers operate their own equipment within Equinix data centers, this incident has had no impact on their operations or the data on their equipment at Equinix. The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation.”
The threat actors are demanding $4.5 million in exchange for a decryptor and the promise that they won’t release stolen data. However, Equinix updated their statement on September 14 to reiterate that customers’ data and operations remain safe.
Related: Cyber Security Standards and Frameworks
It appears the guilty party is the young cybercriminal group known as NetWalker who first burst on the scene in August of 2019. Their success lies in their ability to automate ransomware attacks, including a countdown clock and prefab ransom note that populates at just the right time during the operation. Ransomware-as-a-Service (RaaS) poses an increasing threat across the cyber security landscape, as it allows inexperienced or less technical hackers purchase the automation software needed to execute such a hack.
With NetWalker acting as the gatekeeper, hacker groups go through a screening process before gaining access to a web portal that holds NetWalker’s ransomware, which can then be customized to fit their specific needs. NetWalker’s commission of 20% has earned the group $25 million between March 1 and July 27.
Lessons Learned:
If it seems like ransomware attacks have been in the news a lot lately, it’s because they have. In fact, a report by Coalition discovered that in the first half of 2020, 41% of cyber insurance claims were ransomware incidents. It was also reported that, while ransomware attacks are becoming slightly less frequent, their rate of success and size of target are growing. In other words, the increasingly sophisticated strategies of these threat actors poses real risks to even the most developed enterprise.
Related: How To Preemptively Track Phishing Campaigns
While ransomware attacks are specific in their execution, the vulnerabilities exploited to make them possible are the same as most other cyber threats. Specifically, 54% of cyber attacks are achieved through email (malware) and phishing schemes.
Quick Tips:
Ransomware attacks rely in part on lax cyber protocols. In order to best safeguard your enterprise from this growing threat, consider the following:
- Back up data smartly – One of the ways cyber criminals convince corporations to pay ransoms is by holding their data hostage by encrypting it. While most enterprises back up their data, it is often located in the same compromised infrastructure the original data. Consider backing up data to external drives or a second cloud service provider.
- Choose a reputable security suite – Standard antivirus software and basic firewalls may be sufficient for the layperson, but enterprises should invest in a security suite that uses smart tools and sophisticated algorithms to spot and, if possible, remove ransomware. The tool must be able to run in the background 24/7.
- Install Software Updates – Cyber criminals look for the path of least resistance. Such a path is usually found in outdated software that hasn’t downloaded the most up-to-date patches, bug fixes, and other newly designed features. Remember to keep all apps, plug-ins, and third-party software up to date as well.
Read More: Incident Of The Week
