Rackspace Confirms Hosted Exchange Outage Caused by a Ransomware Attack

The cloud computing company Rackspace has confirmed that its ongoing Hosted Exchange outage was the result of a ransomware attack. The attack was detected on December 2, with the Texas-based company confirming proactive measures were taken to contain the breach by isolating its Hosted Exchange environment, with the investigation confirming this was a ransomware attack. At this early stage of the investigation, it has yet to be determined if the attackers gained access to any sensitive customer data. A leading cyber defense firm has been engaged to investigate the breach, and customers will be notified in due course if their data has been exposed or stolen. Rackspace said the attack only affected a portion of its Hosted Exchange platform, but it was necessary to shut down and disconnect its entire Hosted Exchange environment.

While the investigation is ongoing, Rackspace believes the attack only affected its Hosted Exchange business. All other products and services are fully operational, including the Rackspace Email product line. As of December 6, 2022, its Hosted Exchange environment is not operational, which includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access interface. Rackspace is unable to provide a timeline for restoration.

In the meantime, resources have been made available for customers to migrate their users and domains to Microsoft 365 and customers have been provided with Microsoft Exchange Plan 1 licenses and instructions to help them migrate to Microsoft 365 until the Hosted Exchange environment is restored.  Where available, customers are being provided with archives of inboxes and there is a forwarding option that will automatically reroute all emails sent to a Hosting Exchange user to an external email address.

Rackspace said in an 8-K SEC filing that the continued disruption will have a financial impact on its $30 million Hosted Exchange business, and there will be incremental costs associated with the breach response, but did not provide an estimate on how much the ransomware is likely to cost.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news