Cloud computing provider Rackspace on Thursday warned customers of heightened risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.
While the company is still investigating the incident and working to bring the affected systems back online, it says cybercriminals could also take advantage and exploit this incident for their own purposes.
“If you receive a message from someone you do not recognize, do not reply. Please log in to your control panel and create a ticket, including the details of the message you received”, Rackspace said.
“We understand that such contact could be alarming, but we currently have no evidence to suggest that you are at increased risk due to this direct contact.”
Rackspace added that customers could easily spot scammers trying to steal their sensitive information because:
- Rackspace emails will be sent from @rackspace.com emails (although attackers can still use a spoofed email address and redirect their targets to a phishing landing page)
- Rackspace support will not ask for login credentials or personal information (e.g. social security number, driver’s license) during phone calls
Although the company has yet to reveal whether it has evidence that attackers stole data from its systems during the breach, customers have been urged to remain vigilant and monitor their credit reports and credit statements. bank account to detect any suspicious activity.
Those affected by the Rackspace ransomware attack and outage should not open suspicious attachments or click on suspicious links.
No details on the identity of the attackers and their activity during the breach
Rackspace did not provide details on the identity of the attackers and what data they might be accessing or exfiltrating during the incident (if any) since it confirmed the ransomware attack behind the ongoing Hosted outage. Exchange.
However, he said the investigation, led by his internal security team with the help of a cyber defense firm, was in its early stages with no information on “what data, if any, was affected”.
The cloud service provider added that it will notify customers if it finds evidence that threat actors have gained access to their sensitive information.
The company also disclosed in A press release and an 8-K report filed with the U.S. Securities and Exchange Commission on Tuesday that it expects lost revenue for its Hosted Exchange business which generates approximately $30 million in annual revenue due to the impact of the attack ransomware.
“In addition, Rackspace Technology may incur additional costs associated with its incident response,” Rackspace added.
Rackspace also faces various class action court case for failing to disclose that the Hosted Exchange “security incident” was a ransomware attack, for its failure to protect customer data, and for the impact mail service failure had on their businesses.
Since Friday evening December 2, Rackspace has provided affected customers with Microsoft Exchange Plan 1 licenses and detailed information (in the incident report) while migrating to Microsoft 365 until the outage is resolved.
It also provides a forwarding option that automatically routes all emails sent to a Hosted Exchange user to an external email address as a temporary solution during Microsoft 365 migration.