Cloud computing provider Rackspace said Tuesday morning a ransomware attack is behind its ongoing Hosted Exchange outage that started early Friday morning.

“As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the company said in an update to the initial incident report. “We have since determined this suspicious activity was the result of a ransomware incident.”

The investigation, led by a cyber defense firm and Rackspace’s own internal security team, is in its early stages and is still investigating if any data ended up purloined.

The San Antonio, Texas-based cloud service provider said it will notify customers if it finds evidence attackers gained access to their sensitive information.

Rackspace said in its daily advisory:

Schneider Bold

Updated Advisory
“We appreciate your patience as we continue to work through the security issues that have affected our Hosted Exchange environment. As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the result of a ransomware incident.

“Alongside our internal security team, we have engaged a leading cyber defense firm to investigate. Our investigation is still in its early stages, and it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate.

“Based on the investigation to date, we believe that this incident was isolated to our Hosted Exchange business. The Company’s other products and services are fully operational, and we have not experienced any impact to our Rackspace Email product line and platform. Out of an abundance of caution, we have put additional security measures in place and will continue to actively monitor for any suspicious activity.

“Rackspace is making available resources so that customers can migrate their users and domains to Microsoft 365. At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment. We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365.

“As a temporary solution while you set up Microsoft 365, it is possible to also implement a forwarding option that will allow mail destined for a Hosted Exchange user to be routed to an external email address. Please log in to your customer account for a ticket with instructions to request this option. Customers should reply to the ticket to request the forwarding rule be put into place for each of their users.

Email Options
“If you do not see this ticket in your account and would like to take advantage of this option, please open a support ticket with the title: REQUESTING FORWARDING FOR HOSTED EXCHANGE. We will work with you to get this set up. NEW mail that is sent after the forwarding rule is put in place will be forwarded to the external address specified.

“Notably, the forwarding rule will not apply retroactively to mail sent before the rule is put into place. This option can be used as a temporary solution while you set up Microsoft 365. Once you have fully set up Microsoft 365 and updated your DNS MX records, this forwarding rule will no longer be needed.

“We understand the frustration this situation has caused for our customers and are doing everything we can to support them in migrating to Microsoft 365. We have surged our support staff and will be taking additional steps to help guide our customers through this process in order to limit the impact to their own operations.

“We appreciate your continued patience and apologize for the inconvenience this situation has had on our valued customers. We are doing everything we can to make this right and will continue to provide updates and resources as available,” the advisory said.

Other Services Operational
Rackspace said its other products and services are fully operational, and the company has not experienced an impact to its email product line and platform.

The company also said it expects a loss of revenue because of the ransomware attack.

“Although Rackspace Technology is in the early stages of assessing this incident, the incident has caused and may continue to cause an interruption in its Hosted Exchange business and may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment. In addition, Rackspace Technology may have incremental costs associated with its response to the incident,” the company said in a release.

No further information was immediately available on who was behind the ransomware attack and how much the attackers were asking for.

ISSSource

Pin It on Pinterest

Share This