Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

While the company is still investigating the incident and working on bringing affected systems back online, it says that cybercriminals might also take advantage of the incident for their own purposes.

"If you do receive a message from an individual you do not recognize, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said.

"We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."

Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

  • Emails from Rackspace will be sent from @rackspace.com email addresses (although attackers might still use a spoofed email address and redirect their targets to a phishing landing page)
  • Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls

Even though the company has yet to reveal whether it has any evidence that the attackers stole data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack.

Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

No details on attackers' identity and their activity during the breach

Rackspace has not provided details on the attackers' identity and what data they could access or exfiltrate during the incident (if any) since it confirmed the ransomware attack behind the ongoing Hosted Exchange outage.

However, it did say that the investigation, conducted by its internal security team with the help of a cyber defense firm, is in its early stages with no info on "what, if any, data was affected."

The cloud service provider added that it would notify customers if it found evidence that the threat actors gained access to their sensitive information.

The company also revealed in a press release and an 8-K report filed with the U.S. Securities and Exchange Commission on Tuesday that it's expecting a loss of revenue for its Hosted Exchange business, which generates roughly $30 million in annual revenue, due to the ransomware attack's impact.

"In addition, Rackspace Technology may have incremental costs associated with its response to the incident," Rackspace added.

Rackspace is also facing several class-action lawsuits for failing to disclose that the Hosted Exchange "security incident" was a ransomware attack, for its failure to protect the customers' data, and for the impact the email service outage had on their businesses.

Since Friday evening, December 2, Rackspace has provided affected customers with Microsoft Exchange Plan 1 licenses and detailed info (in the incident report) on migrating to Microsoft 365 until the outage is addressed.

It also provides a forwarding option that automatically routes all mail sent to a Hosted Exchange user to an external email address as a temporary solution during the Microsoft 365 migration.
