View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 6, 2022

Rackspace email outage caused by ransomware attack

We just don't know when our Exchange servers will be back, the cloud company helpfully says.

By Matthew Gooding

Rackspace has confirmed a ransomware attack was behind a four-day outage of its hosted Exchange email service which continues to impact customers. The multicloud vendor is still investigating the incident, and says it is not clear what data has been accessed. It is also unable to provide a clear timeline for when its Exchange service will be back online.

Rackspace ransomware
Rackspace is dealing with a ransomware attack which has crippled email servers (pic: Postmodern Studio/Shutterstock)

As reported by Tech Monitor, Rackspace’s email servers have been down since Friday following what the company described as a “security incident”. An update released today provided further details of what caused the problem.

Rackspace ransomware attack confirmed

In an update to its incident log, Rackspace says it became aware of the problem on Friday and took “proactive measures to isolate the Hosted Exchange environment to contain the incident”. Adding: “We have since determined this suspicious activity was the result of a ransomware incident.”

The Texas-headquarted business says it has “engaged a leading cyber defence firm to investigate” the incident alongside its in-house security team. The Rackspace statement adds: “Our investigation is still in its early stages, and it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate.”

Some Rackspace customers noted suspicious activity on their bank accounts following the outage, although it is not known if this is related to the incident.

The statement continues: “Based on the investigation to date, we believe that this incident was isolated to our Hosted Exchange business. The company’s other products and services are fully operational, and we have not experienced any impact to our Rackspace email product line and platform. Out of an abundance of caution, we have put additional security measures in place and will continue to actively monitor for any suspicious activity.”

The statement makes no mention of whether a ransom demand has been issued or paid.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

How Rackspace is mitigating its hosted Exchange downtime

Today’s update reiterates previous advice to migrate email servers onto Microsoft’s Office 365 cloud-based system from the older Exchange protocol. “Rackspace is making available resources so that customers can migrate their users and domains to Microsoft 365,” the company says. “At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment. We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365.”

The company says it has migrated “ten of thousands” of users to Office 365, but the process of doing so is a slow and largely manual one. As reported by Tech Monitor, users of the company’s services have taken to Twitter to express their frustration at the paucity of support on offer.

Rackspace’s statement adds: “We understand the frustration this situation has caused for our customers and are doing everything we can to support them in migrating to Microsoft 365. We have surged our support staff and will be taking additional steps to help guide our customers through this process in order to limit the impact to their own operations.”

Read more: Here are all the mistakes your business is making in cloud security

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.