Updated Rackspace has admitted that a ransomware infection was responsible for the days-long email outage that disrupted services to customers.
The security scam disabled some of Rackspace’s hosted Microsoft Exchange services as of Friday afternoon. In its most recent update, posted Tuesday at 8:26 a.m. Eastern Time, Rackspace said it has now “determined that this suspicious activity was the result of a ransomware incident” and hired a “leading cyber defense firm to investigate.”
The company has not yet determined which customer data was touched. “If we determine that sensitive information has been affected, we will notify customers accordingly,” she added.
Rackspace reiterated that the attack was limited to its hosted Exchange stores, noting that Rackspace Email and its other products were not impacted.
As in previous updates, Rackspace urged customers to migrate their users and domains to Microsoft 365 and acknowledged there is no timetable for restoring hosted Exchange email services. A previous update released Monday claimed to have “helped thousands of customers move tens of thousands of users” to Microsoft 365.
Rackspace declined to answer The Register’s questions, including how many customers were affected, who was responsible for the ransomware attack, how they breached the network, or what payment was required.
In an emailed statement, the spokesperson repeated much of what was said in the incident report:
However, the spokesperson clarified a point from a press release released today about the ransomware attack, which indicated that the incident could result in lost revenue for its hosted Exchange business, which Rackspace says brings in about $30 million annually. The press release also noted that the company may be on the brink of “additional costs” related to incident response.
According to the spokesman, these costs will not be passed on to Rackspace customers. ®
Updated to add
A Californian law firm has now announced that it will take action against Rackspace on behalf of the users.
“That Rackspace offered opaque updates for days and then was admitted to a ransomware incident without further customer support is outrageous,” said Scott Cole, Cole Van Note’s lead attorney.
“Despite hundreds of data breaches each year in this country, I’ve received reports of vulnerabilities in Rackspace’s hosting environment going back over a year. That, and an apparent lack of backup logs, is why a lawsuit like this is critical.”
The lawsuit, Stephenson, et al. v. Rackspace Technology, filed in the Western District of Texas.