ARN

Ransomware attack knocks Rackspace’s Exchange servers offline

Rackspace’s hosting for Exchange servers remained offline after an outage the provider now ascribes to a ransomware attack.
  • Jon Gold (Network World)
  • 07 December, 2022 08:59

Rackspace Technology has acknowledged that a recent incident took most of its Hosted Exchange email server business offline was the product of a ransomware attack. 

The cloud services and hosting provider shut the service down 2 December. It was not, initially, clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected.

Rackpsace offers migration to Microsoft 365

Rackspace said there was “no timeline” for a restoration of Exchange service, but it is offering Exchange users technical assistance and free access to Microsoft 365 as a substitute, though it acknowledged that migration is unlikely to be a simple process for every user.

Rackspace said while the migration is in progress, customers can forward email sent to their Hosted Exchange inboxes to an external server, as a temporary workaround.

The provider said the incident was isolated to its Hosted Exchange business, and that the rest of its lineup of products and services are fully functional.

It’s unclear how Rackspace was able to limit the access of the ransomware attackers to one corner of its operations, and the company did not respond to a request for comment on this point. The investigation is “still in its early stages,” according to Rackspace’s official updates on the matter.

The company added it was unable to ascertain whether any consumer data was affected by the attack but pledged to notify customers if that proves to be the case. Some email archives remain accessible, according to the updates, and Rackspace said it was working to provide those to customers “where available,” as a precursor to migrating over to Microsoft 365.

Rackspace has hired “a leading cyber defence firm” to assist in the investigation, though it declined to name the company publicly.

“Out of an abundance of caution, we have put additional security measures in place and will continue to actively monitor for any suspicious activity,” Rackspace said in its latest advisory.

In a public statement, the company said despite the ongoing nature of its investigation, it can say the cyberattack has affected its bottom line. The Hosted Exchange business generates roughly US$30 million a year, and a prolonged outage, with its associated costs, is likely to dent that figure.