Rackspace Confirms Ransomware Attack on Hosted Exchange Service
Managed services provider Rackspace issued an announcement on Tuesday confirming that its hosted Microsoft Exchange e-mail service was disrupted by a ransomware attack.
The attack was initially described by San Antonio, Texas-based Rackspace on Friday, Dec. 2 as "connectivity issues" that were affecting its hosted Exchange service, per its service status log. On that day, Rackspace actually shut down that service. It indicated then that "a portion of our Hosted Exchange platform" had been affected.
Rackspace also on Dec. 2 began helping its customers move to the Microsoft 365 service.
"At no cost to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 until further notice," Rackspace told its hosted Exchange customers at that time.
Later, on Dec. 5, Rackspace communicated that it had moved thousands of its hosted Exchange customers to Microsoft 365, restoring their e-mail service:
"We have successfully restored email services to thousands of customers on Microsoft 365 and continue to make progress on restoring email service to every affected customer. At this time, moving to Microsoft 365 is the best solution for customers who can now also implement temporary forwarding."
Rackspace's own branded e-mail service and other services apparently were not affected by the ransomware attack, per a statement in the company's press release:
"Based on the investigation to date, Rackspace Technology believes that this incident was isolated to its Hosted Exchange business. Rackspace Technology's other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform."
Rackspace is still estimating the damage from the attack, but it suggested that the attack's effects on its hosted Exchange business could include a substantial revenue loss for the company. Its hosted Exchange business "generates approximately $30 million of annual revenue in the Apps & Cross Platform segment," the company's announcement explained.
Rackspace indicated in its service incident log that it had put "roughly 1000 support Rackers" on call on a "24/7 basis" to help its hosted Exchange customers move to the Microsoft 365 service.
Rackspace has "engaged a leading cyber defense firm to investigate" the ransomware incident, and is planning to post updates "as warranted." The investigation was said to be in its "early stages," and it wasn't clear if any data were affected by the attack. Rackspace is continuing to monitor for suspicious activities.
"If we determine sensitive information was affected, we will notify customers as appropriate," Rackspace indicated.
Rackspace isn't offering an estimate on when its hosted Exchange service may be restored.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.