Rackspace Hosted Exchange outage was caused by ransomware

Rackspace has finally confirmed the cause of the ongoing outage of its Hosted Exchange service: it’s ransomware.

Rackspace ransomware

“As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the result of a ransomware incident,” the company stated in the newest released service announcement.

“Alongside our internal security team, we have engaged a leading cyber defense firm to investigate. Our investigation is still in its early stages, and it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate.”

The confirmation came just a few hours after the publication of a press release on the situation, in which Rackspace said the security incident “may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment,” and that they expect to have “incremental costs associated with its response to the incident.”

The company did not share details about how the attackers got in and deployed the ransomware.

Rackspace is working on mitigating the fallout of the ransomware incident for customers

“We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365,” the company stated.

As explained before, Rackspace has offered affected customers a free Microsoft Exchange Plan 1 license on Microsoft 365, and has using a growing support team to help them migrate their users and domains to that service and to reconfigure their DNS for their domain (i.e., modify their DNS records at their authoritative nameserver) to complete the migration.

They also provided a temporary solution that would allow customers to continue receiving emails until they set up Microsoft 365: a forwarding option that would send mail destined for a Hosted Exchange user to an external email address. (This option also requires the help of the support team.)

“We understand the frustration this situation has caused for our customers and are doing everything we can to support them in migrating to Microsoft 365,” the company said, but did offer any indication on whether they hope those customers to return.

“At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment,” Rackspace shared. “The Company’s other products and services are fully operational, and we have not experienced any impact to our Rackspace Email product line and platform. Out of an abundance of caution, we have put additional security measures in place and will continue to actively monitor for any suspicious activity.”

Don't miss