Rackspace, a Texas-based provider of cloud computing services, has today confirmed that the Hosted Exchange outage is being caused by a ransomware attack.
“As you all know, Friday December 2, 2022 was a day of unusual activity. We immediately initiated proactive steps to eliminate the Hosted Exchange environment and contain the incident,” stated the company in an updated to the .
We have now determined that this unusual activity is the result of ransomware.
Rackspace claims that its investigation is being led by an internal security team and a cyber defense company. There are no details on what data, if any.
If it discovers evidence of attackers accessing sensitive data, the cloud provider will inform customers.
Rackspace Technology concluded that the incident occurred in connection with its Hosted Exchange business based on current investigation. The company released a .
Rackspace Technology has no impact on its Email platform or product lines.
UPDATE: We became aware of unusual activity in the Hosted Exchange environment around 12/2 and have determined it to be ransomware. Our security team has been working closely with the leading cyber defense company to find out more. Status:
— Rackspace Technology (@Rackspace)
The company also revealed in and in <a href="https://www.sec.gov/ix?doc=/Archives/edgar/data/0001810019/000119312522298940/d388117d8k.htm#:~:text=Although%20we%20are,to%20the%20incident." An 8-K SEC filing revealed that the company expects to lose revenue from ransomware attacks on its $30 million Hosted Exchange business.
Rackspace Technology said that although the company is still assessing the impact of the incident, Rackspace Technology has experienced and will continue to experience disruptions in their Hosted Exchange business. This could result in revenue loss for its Hosted Exchange, which earns about $30 million annually in the Apps and Cross Platform segments.
Rackspace Technology could incur additional costs in response to this incident.
Rackspace is still experiencing an outage in all its Hosted Exchange services, such as MAPI/RPC and POP. IMAP, SMTP and ActiveSync. Also, the Outlook Web Access interface (OWA), which provides online email management, will be affected.
The company first acknowledged the problem on Friday at 02:49 EST. Today, however, is the fourth day of the announcement.
Rackspace revealed that the real cause of the outage occurred twenty-four hours later. Rackspace described it as an isolated security issue “isolated from a portion our Hosted Exchange platform”, which forced Rackspace to disconnect and shut down the Hosted Exchange environment.
Today, the company confirmed some customer concerns. They suspected that the outage could be caused by malware or ransomware attacks, based on the lack of information.
Rackspace began Friday night providing Microsoft Exchange Plan 1 licenses to affected customers and details on how to migrate email to Microsoft 365. This will continue until the issue is resolved. Information on activating these licenses free of charge and how to move users’ mail to Microsoft 365 can be found in .
Customers can also use the company’s temporary solutions during migration to Microsoft 365. This includes a forwarding option, which will route any mail that is sent to a Hosted Exchange user directly to an external address.
We are currently unable to give a timeframe for the restoration of Hosted Exchange. Rackspace today added that they are currently working with customers to offer them archives of their inboxes, which will eventually be imported over to Microsoft 365.