About Rackspace:
American cloud computing company Rackspace Technology, Inc. is situated in Windcrest, Texas, an inner suburb of San Antonio, Texas. The company also has offices in Blacksburg, Virginia, and Austin, Texas, as well as in Australia, Canada, the United Kingdom, India, Dubai, Switzerland, the Netherlands,[3] Germany, Singapore, Mexico, and Hong Kong. Its data centers are located in[4] Amsterdam (Netherlands), Virginia (USA), Chicago (USA), Dallas (USA), London (UK), Frankfurt (Germany), Hong Kong (China), Kansas City (USA), New York City (USA), San Jose (USA), Shanghai (China), Queenstown (Singapore), and Sydney (Australia).
Richard Yoo was the CEO of Rackspace when it was founded in October 1998. While most hosting companies concentrated on the technological aspect of hosting, Rackspace put more of an emphasis on service and support with the creation of its “Fanatical Support” offering.
What Exactly Happened: Ransom Attack
At the time of the ransomware attack, roughly 30,000 customers used Rackspace’s hosted Exchange service, which it is now discontinuing.
According to Rackspace, the hack was caused by the Play ransomware group, a relatively new organization that has recently claimed responsibility for attacks on the H-Hotels hotel chain and the port city of Antwerp in Belgium. On the ransomware group’s leak website, Rackspace’s stolen data is not presently visible, and it’s not clear if Rackspace has complied with a ransom demand.
The incident report update states that Play threat actors penetrated Rackspace’s networks by taking advantage of CVE-2022-41080, a zero-day vulnerability that Microsoft patched in November and has been connected to ransomware attacks in the past.
The Microsoft Outlook Web App has not been available for thousands of users since Friday, and the company is currently experiencing an outage that has resulted in additional problems. The company’s profitable operations are focused on hosting Microsoft Exchange infrastructure, which provides users with access to Microsoft calendar, contact, and email applications.
The company announced on Tuesday that the primary cause of the service interruption was a ransomware attack that impacted their Hosted Exchange environment. On Tuesday, the large cloud computing company Rackspace confirmed that a ransomware attack had rendered thousands of people’s email services unusable. Thousands of users have not been able to access the Microsoft Outlook Web App since Friday, and the company is currently dealing with an outage that has led to more issues. Hosting Microsoft Exchange infrastructure, which gives users access to Microsoft calendar, contact, and email applications, is the company’s profitable business focus.
The attack affected the hosted Exchange email environment of the company, which Rackspace first acknowledged on December 6. As a result, the internet behemoth was forced to terminate the hosted email service after the incident. Rackspace claimed at the time that it had no idea “what, if any, data was affected.”
In its most recent incident response report, which was made public on Friday, Rackspace acknowledged that the hackers had access to the personal information of 27 different clients. According to Rackspace, the hackers gained access to PST files, which are commonly used to store backup and archival copies of contacts, calendar events, and emails from inboxes and Exchange accounts.
The company declared on Tuesday that a ransomware attack against their Hosted Exchange environment was the main reason behind the service outage. Along with other extra steps, the company said it will “migrate their users and domains to Microsoft 365.”
We are unable to provide a timeframe for the Hosted Exchange environment’s restoration at this time. We are trying to give customers access to inbox archives when they become available so they can eventually import them into Microsoft 365,” the statement read.
“You can also set up a forwarding option to allow mail intended for a Hosted Exchange user to be routed to an external email address as a temporary workaround while you set up Microsoft 365. To request this option, please log into your customer account and open a ticket. To request that the forwarding rule be implemented for each of their users, customers should respond to the ticket.
As of Monday, thousands of customers’ email services had been restored, and the company’s support team claimed to have “helped thousands of customers move tens of thousands of users” to Microsoft 365. The percentage of customers who have switched to Microsoft 365 has not been disclosed by the company in response to requests for comment. As per Rackspace’s statement, their Hosted Exchange business brings in $30 million annually, and the incident will probably result in a decline in revenue. On Monday, the company’s shares decreased.
Customers who are upset about not being able to access services due to the Rackspace outage have flooded social media with complaints. After reviewing the incident’s evidence, cybersecurity specialist Kevin Beaumont speculated that the attack might have been the result of hackers taking advantage of ProxyNotShell, a risky set of vulnerabilities affecting Exchange Server software.
What did the company do for the customers after Ransom Attack?
The cloud computing company had previously advised its clients to switch from Microsoft Exchange to Microsoft 365. The business did, however, issue a warning regarding the difficult task of setting up each user’s email account throughout the transfer.
After the attack, some customers tried in vain to contact the overworked Rackspace customer service, ultimately resorting to hiring outside tech support companies to help with the transfer. Others lamented on social media about the email outages at Rackspace and the difficult process of switching to the cloud version of the email communications suite.
In the meantime, to lessen the disruption that email outages caused, Rackspace started moving its Hosted Exchange clients. In addition to providing free Microsoft 365 subscriptions, the company activated a 1,000-person support technician team in a “surge capacity.”
Although many tickets remained unanswered, Rackspace claims to have transferred tens of thousands of users and thousands of customers.
Customers could import data from their archives into their Microsoft 365 accounts, the company said. The only clients who were assured of recovering their data from the affected platform were those who had a subscription to Rackspace’s archive service. To redirect emails received in affected mailboxes to an external email address while the migration was still in progress, the hosting provider also provided an email forwarding option.
