Rackspace confirms ransomware attack after Exchange outages
The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen.
Rackspace confirmed that a ransomware attack caused the recent outages for its hosted Microsoft Exchange service.
The cloud service provider disclosed the attack in a press release Tuesday morning. The disclosure follows a tumultuous weekend for Rackspace, which on Saturday said it was experiencing outages in its Hosted Exchange environment due to a "security incident."
The outages are ongoing, according to the vendor's status page, and Rackspace is currently moving its Hosted Exchange customers over to Microsoft 365 to limit disruption.
According to the press release, Rackspace believes the breach was limited to its Hosted Exchange environment, and it took immediate action to isolate the environment once the compromise was detected. Moreover, the vendor said it has "engaged a leading cyber defense firm" to work alongside the company's internal security team, though Rackspace did not name the firm.
"Rackspace Technology's other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform," the press release read. "Out of an abundance of caution, Rackspace Technology has put additional security measures in place and will continue to actively monitor for any suspicious activity."
On its status page, the vendor said that due to the stage of the investigation, "it is too early to say what, if any, data was affected" and that Rackspace will notify customers if it discovers data has been stolen.
Rackspace did not disclose a potential ransom demand, whether the company paid said ransom, which ransomware group was involved or how threat actors gained access. The company declined TechTarget Editorial's request for more details, citing the ongoing investigation.
Notably, the press release also cited a potential negative effect on Rackspace's business.
"Although Rackspace Technology is in the early stages of assessing this incident, the incident has caused and may continue to cause an interruption in its Hosted Exchange business and may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment," it read. "In addition, Rackspace Technology may have incremental costs associated with its response to the incident."
In an update to Rackspace's status page Monday night, the company said it had already moved "thousands of customers" from its Hosted Exchange service to Microsoft 365, though the exact number of clients affected by the ransomware attack is unclear. Rackspace also said its call queue hold times were two to three hours and encouraged customers to use the callback feature to request support.
Alexander Culafi is a writer, journalist and podcaster based in Boston.