Texas-based cloud computing provider Rackspace today confirmed that a ransomware attack is behind its ongoing hosted Microsoft Exchange outage.
“As you are aware, on Friday, December 2, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the company said in an update to its first incident report.
“We have since determined that this suspicious activity was the result of a ransomware incident.”
Rackspace says the investigation, led by a cyber defense firm and its own internal security team, is in its early stages with no information on “what data, if any, was affected.”
The cloud service provider says it will notify customers if it finds evidence that attackers gained access to their sensitive information.
“Based on the investigation to date, Rackspace Technology believes this incident has been isolated to its Hosted Exchange business,” the company added in a press release.
“Rackspace Technology’s other products and services are fully operational and the company has not experienced any impact to its product line and messaging platform.”
UPDATE: Since becoming aware of suspicious activity in our Hosted Exchange environment on 12/2, we have determined that the isolated disruption is the result of ransomware and our security team is working with a prominent cyber defense firm to investigate. Status: https://t.co/Uz0k8GL7Sg
— Rackspace Technology (@Rackspace) December 6, 2022
Rackspace’s outage still affects all services in its Hosted Exchange environment, including MAPI/RPC, POP, IMAP, SMTP, and ActiveSync, as well as the Outlook Web Access (OWA) interface that provides access to online email management.
Today’s announcement comes four days after the company initially acknowledged the outage on its status page Friday evening at 2:49 a.m. EST.
Rackspace revealed the real cause of the outage twenty-four hours later, describing it as a security incident “isolated to part of our Hosted Exchange platform” that forced it to shut down and disconnect the Hosted Exchange environment.
The company today confirmed some of the concerns of its customers, who suspected, due to limited information, that the outage could be the result of a malware or ransomware attack.
Starting Friday evening, Rackspace provided affected customers with Microsoft Exchange Plan 1 licenses and step-by-step instructions on how to migrate their email to Microsoft 365 until the outage is resolved (information on activating the free licenses and migrating user mailboxes to Microsoft 365 is available in Rackspace’s incident report).
The company is also providing a temporary solution for customers while they migrate to Microsoft 365: a forwarding option that will automatically route all messages sent to a Hosted Exchange user to an external email address.
“At this time, we are unable to provide a timeline for restoring the Hosted Exchange environment. We are working to provide customers with mailbox archives when available, for possible import into Microsoft 365,” Rackspace added in today’s update.