Cloud computing giant Rackspace has confirmed it has been hit by a ransomware attack that has left some of its customers unable to access email.
Last Friday, Rackspace’s hosted Microsoft Exchange service began experiencing problems. At the time, Rackspace posted a message on its status page stating that due to a “security incident”, it had “turned off and disconnected” the service. In an update published TuesdayRackspace has confirmed that a ransomware attack is behind the ongoing outage.
“As you know, we became aware of suspicious activity on Friday, December 2, 2022 and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the company said in a statement Tuesday. “We have since determined that this suspicious activity was the result of a ransomware incident.”
Rackspace says the investigation, led by an unnamed cyber-defense firm, is in its early stages and the company has yet to determine “what data, if any, has been compromised.” The company added that if it determines sensitive information has been compromised, it will “notify customers”.
When asked by businessroundups.org, Rackspace spokesperson Natalie Silva declined to elaborate on the nature of the incident or how the hackers managed to compromise its systems.
However, security researcher Kevin Beaumont believes the incident may relate to exploitation of the Microsoft Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082, commonly known as ProxyNotShell. ProxyNotShell first came to light in late September after Vietnamese cybersecurity firm GTSC observed it being exploited in the wild. Microsoft confirmed the exploit the following month, linking it to a state-sponsored hacker group.
The issues with Rackspace’s hosted Microsoft Exchange service remain ongoing at the time of writing. The company is currently transitioning its Hosted Exchange customers to Microsoft 365 to mitigate disruption.
Rackspace noted that the ransomware incident could lead to lost revenue for its hosted exchange business, which generates about $30 million annually. The company added that it could incur additional costs related to its response to the incident.
