Rackspace says ransomware attack caused outage

Cloud computing giant Rackspace confirmed on Tuesday that a ransomware attack caused a widespread outage that crippled email services for thousands of people.

Since Friday, the company has been dealing with an outage that took down the Microsoft Outlook Web App for thousands of customers and caused other downstream issues. The company runs a lucrative business centered on hosting Microsoft Exchange infrastructure, which offers customers Microsoft email, calendar, and contact software.

The company said on Tuesday that a ransomware attack affected their Hosted Exchange environment, which is the root cause of the service disruption. 

UPDATE: Since becoming aware of suspicious activity in our Hosted Exchange environment on 12/2, we’ve determined that the isolated disruption is the result of ransomware and our security team is working with a lead cyber defense firm to investigate. Status:https://t.co/Uz0k8GL7Sg

— Rackspace Technology (@Rackspace) December 6, 2022

Rackspace said it hired a cybersecurity team to investigate the incident and isolated the Hosted Exchange environment in an effort to contain the damage. 

“Based on the investigation to date, Rackspace Technology believes that this incident was isolated to its Hosted Exchange business. Rackspace Technology’s other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform,” the company said, eventually noting in the statement that the incident “may continue to cause an interruption.” 

“Out of an abundance of caution, Rackspace Technology has put additional security measures in place and will continue to actively monitor for any suspicious activity.”

The company said it will "migrate their users and domains to Microsoft 365” in addition to other additional measures.

“At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment. We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365,” they said. 

“As a temporary solution while you set up Microsoft 365, it is possible to also implement a forwarding option that will allow mail destined for a Hosted Exchange user to be routed to an external email address. Please log in to your customer account for a ticket with instructions to request this option. Customers should reply to the ticket to request the forwarding rule be put into place for each of their users.”

As of Monday, the company’s support staff had already “helped thousands of customers move tens of thousands of users” to Microsoft 365 and restored email services for thousands of customers.

The company did not respond to requests for comment about what percentage of customers have been moved over to Microsoft 365.  

According to Rackspace's statement, their Hosted Exchange business generates $30 million in annual revenue, and the incident is likely to cause a loss in revenue. Shares of the company were down on Monday.

Social media has been inundated with customers complaining about not being able to access services in connection to the Rackspace outage. 

Please @rackspace level with your customers. This outage is so damaging for my business and stressful. Will Managed Exchange ever be back up and running? If so when? Has our data been breached?

— EstateTerrier (@EstateTerrier) December 5, 2022

Cybersecurity expert Kevin Beaumont examined evidence from the incident and said the attack may have been caused by hackers exploiting ProxyNotShell – a dangerous set of vulnerabilities affecting Exchange Server software.