Story updated with ransomware confirmation, more details on December 7 HERE
Customers of troubled IT services company Rackspace have been left fuming after a cyber attack took down their Rackspace-hosted Microsoft Exchange servers, in an incident first acknowledged on Friday, December 2.
On Sunday Rackspace confirmed the fears of customers that the incident would be protracted, saying “in order to best protect the environment, this will continue to be an extended outage of Hosted Exchange.”
The company had first addressed the incident late Friday December 2, saying it had suffered "a significant failure in our Hosted Exchange environment" adding that "we continue to work through the root cause."
By Saturday 1:57am EST it said it had "determined that this is a security incident."
Rackspace hacked: Support ticket system fails as thousands queue
Rackspace said in an update dated 12:37 AM EST on Sunday December 4 that “at this time, moving to Microsoft 365 is the best solution for customers, and we highly encourage affected customers to move to this platform.”
That move suggests Rackspace-hosted Microsoft Exchange restoration is likely to be challenging.
It added: “We have heard and understand that self-migration may not be simple and can be challenging to implement. Our customer support teams are working on a 24/7 basis to assist impacted customers.”
By late December 5 it said it had moved "tens of thousands" of users to M365 successfully.
In good news for customers, backups don't appear to have been hit in the attack. Rackspace said: "Many of our customers had previously subscribed to our Archive service for their mailbox and users.
"The archive service remains functional."
Customers were reporting late Sunday that Rackspace’s support system was also down.
Some customers said they had been left in queues to IT support for up to 12 hours unsuccessfully.
Rackspace has not confirmed the incident type.
The extended outage and restoration challenges suggest a ransomware attack. The Stack could not immediately confirm this, nor whether customer data like sensitive emails had been exposed in the attack.
One affected customer said on Reddit/sysadmin: “Our largest client is subject to both DPIA [Data Protection Impact Assessment] and GDPR requests completed in a very short period of time. So now we have a client in financial services that CANNOT issue DPIA's until they conduct their own internal security/availability incident DPIA assessment of their own email system. Their internal compliance team is screaming bloody murder.”
The Texas-headquartered added in an update that it had “mobilized” 1,000 staff to handle customer queries, adding that “current wait times for customer support are much longer than usual. For those who are finding the process challenging and are awaiting support, we ask for your patience as we increase staff…”
The company did not say how many of its hosted Microsoft Exchange customers have been affected. An incident update did note that “Rackers are contacting every Hosted Exchange customer by phone.” [Our italics].
Over 60,000 Microsoft Exchange server users including the European Banking Authority were breached in mass-hacking attacks in early 2021 after critical security vulnerabilities were exposed in the mail and calendering server. Further CVEs or software vulnerabilities in Exchange server were also reported and exploited this year.
Rackspace is a technology services company that hosts cloud and other IT environments. Major customers include BT. It has focussed on aggressive cost-cutting in recent years amid restructuring, earnings reports show.
On November 9, Rackspace CEO Amar Maletira (appointed to the role in September) emphasised on an earnings call that “it is critical that we quickly improve our execution focus and accountability across the organization”, adding “I know we need to rebuild our credibility as a team” as steep losses continued.
Rackspace reported net losses of $512 million in Q3 alone on revenues of $787 million, blaming a “sustained decrease in our market capitalization and lowered projected operating results” on “product mix shifts and market concerns related to inflation, supply chain disruption issues and other macroeconomic factors.”
Are you affected? Have views? Get in touch.