Rackspace has confirmed a ransomware attack was behind a four-day outage of its hosted Exchange email service which continues to impact customers. The multicloud vendor is still investigating the incident, and says it is not clear what data has been accessed. It is also unable to provide a clear timeline for when its Exchange service will be back online.
As reported by Tech Monitor, Rackspace’s email servers have been down since Friday following what the company described as a “security incident”. An update released today provided further details of what caused the problem.
Rackspace ransomware attack confirmed
In an update to its incident log, Rackspace says it became aware of the problem on Friday and took “proactive measures to isolate the Hosted Exchange environment to contain the incident”. Adding: “We have since determined this suspicious activity was the result of a ransomware incident.”
The Texas-headquarted business says it has “engaged a leading cyber defence firm to investigate” the incident alongside its in-house security team. The Rackspace statement adds: “Our investigation is still in its early stages, and it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate.”
Some Rackspace customers noted suspicious activity on their bank accounts following the outage, although it is not known if this is related to the incident.
The statement continues: “Based on the investigation to date, we believe that this incident was isolated to our Hosted Exchange business. The company’s other products and services are fully operational, and we have not experienced any impact to our Rackspace email product line and platform. Out of an abundance of caution, we have put additional security measures in place and will continue to actively monitor for any suspicious activity.”
The statement makes no mention of whether a ransom demand has been issued or paid.
How Rackspace is mitigating its hosted Exchange downtime
Today’s update reiterates previous advice to migrate email servers onto Microsoft’s Office 365 cloud-based system from the older Exchange protocol. “Rackspace is making available resources so that customers can migrate their users and domains to Microsoft 365,” the company says. “At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment. We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365.”
The company says it has migrated “ten of thousands” of users to Office 365, but the process of doing so is a slow and largely manual one. As reported by Tech Monitor, users of the company’s services have taken to Twitter to express their frustration at the paucity of support on offer.
Rackspace’s statement adds: “We understand the frustration this situation has caused for our customers and are doing everything we can to support them in migrating to Microsoft 365. We have surged our support staff and will be taking additional steps to help guide our customers through this process in order to limit the impact to their own operations.”