Rackspace, after a weekend-long email outage, which saw thousands of its hosted Exchange customers without access to their contacts or emails, reveals today that the outage is due to a ransomware attack.
Rackspace, a San Antonito-based IT company, provides a variety of business IT products such has data storage, cybersecurity, cloud computing, and hosted Exchange services. Rackspace is one of the world’s largest cloud and email hosting providers. Many of the nation’s largest companies, universities, and recognizable brands such as Purdue University, Mazda, and Luxottica, are all, in some form or another, Rackspace customers.
An Exchange email server allows businesses total control over its email infrastructure. Because of this control and flexibility, Exchange remains the favored way for some businesses, particularly large corporations, to set up their business email. A hosted Exchange environment allows businesses to enjoy the same level of control with their email system, but the burden of physically hosting the hardware and other associated infrastructure is handled by a third-party company like Rackspace.
It’s Rackspace’s hosted Exchange service that’s fallen to victim to ransomware. This means that the attack resulted in Rackspace being locked out from their own servers (and therefore unable to deliver services). The goal of ransomware attackers is to lock a victim out from their own computers in exchange for a ransom.
Cybersecurity experts everywhere do not recommend paying the ransom. Doing so only funds future attacks and does not guarantee that the victim will be immune from a secondary attack.
Rackspace customers first reported being unable to access their emails as early as December 2nd. This email outage caused widespread social-media criticism for the company’s lackluster initial response. The outage continued into the weekend. Although the company has been able to restore service to some of its customers, today’s ransomware attack revelation is a major concern. This now means that the issue is not merely a simple case of a service outage, and there are now major security implications for its customers.
In a status update, Rackspace has informed customers that they have begun working with cybersecurity firms to investigate the attack, but the company is still unable to provide an ETA on when customers could expect a full restoration of services.
Why This Matters
Thousands of small-to-medium-sized business trust companies like Rackspace to provide them with services such as data hosting, networking, and email. Companies in critical fields such as manufacturing, healthcare, and finance entrust third-company providers with their most crucial and sensitive data. The ransomware attack on Rackspace means that affected customers’ data is now compromised, and information is now in the hands of people with no authority to view or possess this data.
The types of sensitive customer data that’s been compromised can run the gamut: financial information, personally identifiable information (PII), healthcare data, social security numbers. These are the types of information that in the wrong hands could have deleterious effects on businesses and individuals.
What Can Affected Companies Do?
Because highly sensitive information such as logins and passwords have been breached, affected Rackspace customers are now at high risk of becoming victims to future cyberattacks. Here are a few post-incident best practices:
- Notify financial institutions immediately – closely monitor all bank transactions for any unauthorized purchases.
- Company IT teams must prepare and expect for future attacks.
- Perform security audits – determine exactly which data has compromised. This will inform you which of your customers will need to be notified.
- Change ALL passwords – this includes credentials to login to local machines, emails, and logins to any services that the company uses.
- Partner with a reputable IT company to review other post-incident activities, and consider a switch to cloud-based email solutions such as Microsoft 365.