Rackspace blames ransomware assault for ongoing Exchange outage

Cloud computing large Rackspace has confirmed that it has been hit by ransomware assault that has left quite a lot of its clients with out entry to electronic mail.

Rackspace’s hosted Microsoft Exchange service began experiencing issues on Friday final week. At the time, Rackspace posted a discover on its standing web page saying that attributable to a “security incident,” it had “powered down and disconnected” the service. In an replace published on Tuesday, Rackspace has confirmed {that a} ransomware assault is behind the continued outage. 

“As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the corporate mentioned in a press release on Tuesday. “We have since determined this suspicious activity was the result of a ransomware incident.”

Rackspace says that the investigation, led by an unnamed cyber protection agency, is in its early levels and that the corporate has but to find out “what, if any, data was affected.” The firm added that if it determines that delicate info was affected, it’ll “notify customers as appropriate”.

When requested by Thealike, Rackspace spokesperson Natalie Silva declined to share any extra details about the character of the incident or how the hackers had been in a position to compromise its methods. 

However, safety researcher Kevin Beaumont believes the incident could contain exploitation of the Microsoft Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082, higher generally known as ProxyNotShell. ProxyNotShell first got here to mild in late September after Vietnamese cybersecurity firm GTSC noticed it being exploited within the wild. Microsoft confirmed exploitation the next month and linked it to a state-sponsored hacker group.

The points affecting Rackspace’s hosted Microsoft Exchange service stays ongoing on the time of writing. The firm is at present shifting its Hosted Exchange clients over to Microsoft 365 to restrict disruption.

Rackspace famous that the ransomware incident might end in misplaced income for its hosted change enterprise, which generates about $30 million a yr. The firm added that it might have incremental prices related to its response to the incident.