Rackspace says ransomware attack caused outage

Cloud computing giant Rackspace confirmed on Tuesday that a ransomware attack caused a widespread outage that crippled email services for thousands of people.

Since Friday, the company has been dealing with an outage that took down the Microsoft Outlook Web App for thousands of customers and caused other downstream issues. The company runs a lucrative business centered on hosting Microsoft Exchange infrastructure, which offers customers Microsoft email, calendar, and contact software.

The company said on Tuesday that a ransomware attack affected their Hosted Exchange environment, which is the root cause of the service disruption. 

Rackspace said it hired a cybersecurity team to investigate the incident and isolated the Hosted Exchange environment in an effort to contain the damage. 

“Based on the investigation to date, Rackspace Technology believes that this incident was isolated to its Hosted Exchange business. Rackspace Technology’s other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform,” the company said, eventually noting in the statement that the incident “may continue to cause an interruption.” 

“Out of an abundance of caution, Rackspace Technology has put additional security measures in place and will continue to actively monitor for any suspicious activity.”

The company said it will “migrate their users and domains to Microsoft 365” in addition to other additional measures.

“At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment. We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365,” they said. 

“As a temporary solution while you set up Microsoft 365, it is possible to also implement a forwarding option that will allow mail destined for a Hosted Exchange user to be routed to an external email address. Please log in to your customer account for a ticket with instructions to request this option. Customers should reply to the ticket to request the forwarding rule be put into place for each of their users.”

As of Monday, the company’s support staff had already “helped thousands of customers move tens of thousands of users” to Microsoft 365 and restored email services for thousands of customers.

The company did not respond to requests for comment about what percentage of customers have been moved over to Microsoft 365.  

According to Rackspace’s statement, their Hosted Exchange business generates $30 million in annual revenue, and the incident is likely to cause a loss in revenue. Shares of the company were down on Monday.

Social media has been inundated with customers complaining about not being able to access services in connection to the Rackspace outage. 

Cybersecurity expert Kevin Beaumont examined evidence from the incident and said the attack may have been caused by hackers exploiting ProxyNotShell – a dangerous set of vulnerabilities affecting Exchange Server software.

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Recent Posts

Deepfake news anchors spread Chinese propaganda on social media

In a series of videos posted on Twitter, Facebook and YouTube, Chinese state-aligned actors used…

7 hours ago

New info-stealing malware used against Ukraine organizations

A new information-stealing malware named Graphiron is being used against a wide range of targets…

13 hours ago

Hackers used fake websites to target state agencies in Ukraine and Poland

Hackers attempted last week to infect Ukrainian government computer systems with malware hosted on fake…

13 hours ago

‘No evidence of malicious access,’ Toyota says about serious bug exploited by outside researcher

Toyota said it remediated the vulnerability discovered by researcher Eaton Zveare. The company referred others…

15 hours ago

Turkey’s government restricts access to Twitter amid earthquake response

Internet traffic data showed that Twitter was totally inaccessible from with Turkey. The government has…

15 hours ago

CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel

CISA adapted work by two Turkish developers into a script for recovering files affected by…

17 hours ago