Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The Play ransomware operation was responsible for a cyberattack that brought Rackspace’s hosted Microsoft Exchange environment down in December.
According to Rackspace, attackers behind last month’s incident gained access to some of its customers’ Personal Storage Table (PST) files, which contain a wide range of information, including emails, calendars, contacts, and notes.
It was also discovered that 27 Rackspace customers had their storage folders accessed by the attackers. In addition, the company said there is no evidence that they viewed or misused the backup files.
According to Rackspace in a report shared in advance with BleepingComputer, the threat actor accessed a Personal Storage Table (‘PST’) of 27 Hosted Exchange customers among the nearly 30,000 customers in the Hosted Exchange email environment at the time of the attack.
However, it is essential to note that there is no evidence that the threat actor viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers’ emails or data in the PSTs.
The Rackspace team assures customers that the threat actor did not access their PST data. Furthermore, RackSpace claims that there is no evidence that threat actors accessed customer data, but history shows that this is rarely the case.
If a ransom is paid, the data may not be leaked, but customer data was most likely viewed at some point during the attack.
Victims Can Download Some Recovered PST Data
Rackspace has been offering free licenses to migrate customers’ email from its Hosted Exchange platform to Microsoft 365 since discovering the attack on December 2.
Customers affected by the cloud computing provider can also download recovered historic mailbox data (containing email messages before December 2) via an automated queue through their customer portal.
The company is proactively notifying customers whose mailboxes have been recovered to greater than 50%.
According to a Rackspace spokesperson, the email data is being restored from Rackspace’s backups or using a decryption tool provided by the Play ransomware hackers.
It was already planning to migrate customers to Microsoft 365 before the December ransomware attack, Rackspace said in today’s update.
The Hosted Exchange email environment will not be rebuilt as a go-forward service, Rackspace announced.
The Hosted Exchange email environment had already been planned for migration to Microsoft 365, which has a more flexible pricing model and offers more modern features.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.
Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.
