Heimdal Security Blog

Texas Cloud Computing Company Rackspace Confirms Ransomware Attack

Rackspace, a cloud computing provider based in Texas, confirmed earlier this week that it is facing a ransomware attack, which is also the reason behind an outage in its Hosted Exchange business. While the investigation takes place, the company states that this is an isolated incident and that its other products and services have not been impacted.

As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the result of a ransomware incident.

Based on the investigation to date, we believe that this incident was isolated to our Hosted Exchange business. Our other products and services are fully operational, and we have not experienced an impact to our Rackspace Email product line and platform. Rackspace is making available resources so that customers can migrate their users and domains to Microsoft 365.

Source

A cyber defense firm and Rackspace’s own internal security team are currently conducting the investigation, which Rackspace says is still in its early stages.

If the cloud provider discovers any signs that the hackers were able to access its customers’ private data, it will issue a notification to those affected.

The company is working to provide customers with archives of inboxes where possible, but at this time it is unable to provide a timetable or expectations for restoration of the Hosted Exchange environment.

To disrupt its customers’ operations as little as possible, the company has increased the size of its support team and is planning additional measures to aid them during this transition.

Mediation and Impact

All Hosted Exchange services, including MAPI/RPC, POP, IMAP, SMTP, and ActiveSync, and the Outlook Web Access (OWA) interface for managing email online are still unavailable due to Rackspace’s outage, according to Bleeping Computer.

Rackspace began providing affected customers with Microsoft Exchange Plan 1 licenses and detailed instructions on how to migrate their email to Microsoft 365 on Friday evening and will continue to do so until the outage is resolved.

During the migration to Microsoft 365, the company also offers a temporary solution for customers: a forwarding option that will automatically route all mail sent to a Hosted Exchange user to an external email address.

In a press release published on the 6th of December, the company revealed that it anticipates a drop in earnings from its $30 million Hosted Exchange business as a result of the ransomware attack.

Although Rackspace Technology is in the early stages of assessing this incident, the incident has caused and may continue to cause an interruption in its Hosted Exchange business and may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment.

Source

According to Market Watch, Rackspace Inc. shares were off 1.6% on Tuesday morning.

Kevin Beaumont, a security researcher, has reason to believe that the ProxyNotShell (or NotProxyShell, CVE-2022-41040 and CVE-2022-41082) vulnerabilities recently discovered in Microsoft Exchange were exploited in the Rackspace ransomware attack.

Rackspace Technology’s full press release is available here, and the incident report can be accessed here.
