Fraud Management & Cybercrime , Incident & Breach Response , Ransomware
Rackspace Confirms Exchange Outage Caused by RansomwareCompanies Tells US SEC That the Incident Will Affect Revenue
Hosted services company Rackspace says ransomware is the cause of ongoing outages to its hosted Exchange environment.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Late Thursday, the provider experienced a disruption in its Microsoft email service servers that it at first described as a "security incident" (see: Rackspace Hosted Exchange Still Offline Over Security Issue).
The company said in a Tuesday update that it now believes the "suspicious activity was the result of a ransomware incident."
Rackspace did not disclose any particular ransomware actor, saying its investigation is still in the early stages of analysis. The incident has not affected Rackspace's other services.
"It is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate," the update says.
Texas-based Rackspace is among the world's largest managed cloud providers, counting more than 300,000 customers worldwide, including two-thirds of the world's 100 largest publicly traded businesses.
In a filing with the Securities and Exchange Commission, the company said the ongoing service disruption will likely to create a financial loss for its Hosted Exchange business, which generated approximately $30 million annually in revenue.
Tuesday's update also did not specify when Rackspace is likely to resume services. British cybersecurity expert Kevin Beaumont has suggested that Rackspace was running Microsoft Exchange servers that remained vulnerable to the two flaws that are known as ProxyNotShell.