Rackspace confirms outage was caused by ransomware attack

Rackspace CSOC (cyber security operations center) / Image: Rackspace

Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption."

"As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident," the company said in an update to the initial incident report.

"We have since determined this suspicious activity was the result of a ransomware incident."

Rackspace says that the investigation, led by a cyber defense firm and its own internal security team, is in its early stages with no info on "what, if any, data was affected."

The cloud service provider says it will notify customers if it finds evidence that the attackers gained access to their sensitive information.

"Based on the investigation to date, Rackspace Technology believes that this incident was isolated to its Hosted Exchange business," the company added in a press release.

"Rackspace Technology's other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform."

UPDATE: Since becoming aware of suspicious activity in our Hosted Exchange environment on 12/2, we’ve determined that the isolated disruption is the result of ransomware and our security team is working with a lead cyber defense firm to investigate. Status:https://t.co/Uz0k8GL7Sg

— Rackspace Technology (@Rackspace) December 6, 2022

The company also revealed in today's press release and in an 8-K SEC filing that it expects a loss of revenue due to the ransomware attack's impact on its $30 million Hosted Exchange business.

"Although Rackspace Technology is in the early stages of assessing this incident, the incident has caused and may continue to cause an interruption in its Hosted Exchange business and may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment," the company said.

"In addition, Rackspace Technology may have incremental costs associated with its response to the incident."

Rackspace's outage still affects all services in its Hosted Exchange environment, including MAPI/RPC, POP, IMAP, SMTP, and ActiveSync, as well as the Outlook Web Access (OWA) interface that provides access to online email management.

Today's announcement comes four days after the company initially acknowledged the outage on its status page, on Friday night, at 02:49 AM EST.

Rackspace revealed the actual cause of the outage twenty-four hours later, describing it as a security incident "isolated to a portion of our Hosted Exchange platform" that forced it to shut down and disconnect the Hosted Exchange environment.

The company confirmed today some of its customer's concerns, who suspected, due to the limited information, that the outage might be the result of a malware or ransomware attack.

Starting Friday evening, Rackspace has been providing affected customers with Microsoft Exchange Plan 1 licenses and detailed instructions on how to migrate their email to Microsoft 365 until the outage is addressed (info on activating the free licenses and migrating users' mailboxes to Microsoft 365 is available in Rackspace's incident report). 

The company also provides a temporary solution for customers during the migration to Microsoft 365: a forwarding option that will automatically route all mail sent to a Hosted Exchange user to an external email address.

"At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment. We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365," Rackspace added in today's update.