Rackspace confirms outage was caused by ransomware attack

Rackspace, a Texas-based cloud computing provider, confirms an ongoing outage is caused by a ransomware attack, describing it as an “isolated disruption.” Rackspace is one of the largest cloud and email hosting providers in the United States. The ransomware attack has prevented some customers from checking inboxes since Friday last week, per Axios.

Kevin Beaumont, a security expert and former Microsoft employee, investigated the outage and documented it on his blog. Out-of-date Microsoft Exchange builds from August 2022 were in use on Rackspace, prior to the ProxyNotShell patches which came available.

Effectively, Beaumont concluded that if you running a shared cluster of Hosted Exchange, “it means that one compromised account on one customer will compromise the entire hosted cluster. This is high risk.”

Beaumont expects continued attacks on Microsoft Exchange Server across organizations well into 2023.

Natalie Silva, Rackspace spokesperson, declined to say how many customers have been affected by the ongoing outage. However, the company acknowledged in an SEC filing on Tuesday that “the attack may result in a loss of revenue” for its $30 million Hosted Exchange business.

Some customers are not willing to wait for the situation to resolve. Stephanie Atkinson, CEO of Compass Intelligence told Axios that she left Rackspace after 17 years as a customer to migrate to GoDaddy.

Rackspace has “mobilized one thousand support staff to help customers.” An investigation into the source of the attack is “ongoing and will take time to complete,” says Rackspace. They will not confirm or deny if a ransom has been or will be paid.

A full press release and continued public statements are available on Rackspace’s website.

Ransomware continues to proliferate across all industry verticals, regardless of company size or security budget. Ransomware continues to target anything from hospitals to governments anywhere in the world.