Rackspace Confirms Ransomware Attack as Customers Suffer Outage
Rackspace on Wednesday confirmed it was hit by a ransomware attack that has impacted its email services. The cloud company called it an isolated incident that took down its Hosted Exchange implementations.
Rackspace became aware of the ransomware attack on Friday, December 2, 2022. At the time, Rackspace said it was a security incident. This week, the company confirmed it suffered a ransomware attack that, as multiple social media posts suggest, probably took place days ago.
After customers, primarily small to medium-sized businesses, reported connectivity and login issues, Rackspace clarified that the ransomware attack was limited to Exchange and has had no impact on its Rackspace Email service.
It is unclear if any customer or employee data was compromised. “Our investigation is still in its early stages, and it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate,” Rackspace said.
Security researcher Kevin Beaumont has reasons to believe the Rackspace ransomware attack was carried out through ProxyNotShell (or NotProxyShell, CVE-2022-41040 and CVE-2022-41082) vulnerabilities recently discovered in Microsoft Exchange.
Rackspace said it has restored services for thousands of customers by migrating them to Microsoft 365 with Microsoft Exchange Plan 1 licenses. The company is also providing an email forwarding option to those impacted and said it is working with a cyber defense firm to investigate the incident and to restore services for the rest of the customers.
Rackspace didn’t comment on the precise number of customers affected but expects “a loss of revenue for the Hosted Exchange business.” So it is safe to assume that the impact area, comprising small to medium businesses, is significant. Rackspace’s Hosted Exchange service generates approximately $30 million in annual revenue.
“This latest update from Rackspace will leave many of the company’s customers highly concerned that their data is now in the hands of cybercriminals. If this is the case, thousands of companies across the world will feel the consequences of this attack, and it will once again highlight that when an organization is taking on the responsibility of storing or hosting data belonging to businesses, it has an even greater duty to keep it secure,” Jordan Schroeder, managing CISO at Barrier Networks, told Spiceworks.
“While this incident is being investigated, any customers of Rackspace must be vigilant for attacks and suspicious activity on their networks. It will also be worthwhile implementing a dark web monitoring solution to make sure none of their customer data is posted on hacker forums on the internet.”
Some customers took to social media to express their unhappiness over the incident and Rackspace’s response. “Rackspace hosts my company email, Dallas Capital, and they have been hacked and as a result my email has been down for several days. As a result, have not rec’d or responded to an email since Thursday. Working on interim and final solution,” wrote one customer on LinkedIn.
Many others complained of unresponsiveness on the part of the cloud service provider.
3 tickets – 0 replies.
— Richard Howell (@Richard_0305) December 5, 2022
Schroeder added, “Rackspace also must re-evaluate its defences against ransomware, because when it comes to modern threats, prevention is always better than cure. This involves re-establishing their cyber hygiene baseline, using Zero Trust principles to limit the impact of breaches by protecting key accounts and preventing lateral movement, and training employees regularly on cybersecurity and the evolving threat landscape.”
Rackspace laid off 10% of its 6,600+ workforce in July 2022.