Product reviews, deals and the latest tech news

Ransomware attack is to blame for the ongoing Exchange outage, according to Rackspace

Rackspace, a leading cloud provider, has revealed a ransomware assault has rendered email inaccessible for some of its users.

This past Friday, issues with Rackspace’s hosted Microsoft Exchange service first surfaced. Rackspace had “powered down and deactivated” the service owing to a “security problem,” according to a status page update at the time. According to a Tuesday status report, Rackspace has determined that a ransomware assault is to blame for the downtime.

“As you know, on Friday, December 2nd, 2022, we became aware of suspicious behaviour and quickly took aggressive actions to isolate the Hosted Exchange environment to mitigate the situation,” the business stated in a statement released on Tuesday. We now know that a ransomware attack was the cause of this unusual behaviour.

According to Rackspace, the investigation, which is being lead by an undisclosed cyber security firm, is still in its infancy, and the business has not yet determined “what, if any, data was compromised.” When asked whether it would “notify customers as appropriate” if it found that sensitive information had been compromised, the business said it would.

Rackspace spokeswoman Natalie Silva refused to elaborate the nature of the issue or the hackers’ means of gaining access to Rackspace’s systems.

Nonetheless, security researcher Kevin Beaumont speculates that ProxyNotShell, also known as CVE-2022-41040 and CVE-2022-41082, was used in this event to get access to Microsoft Exchange. In late September, Vietnamese cybersecurity firm GTSC discovered ProxyNotShell being used in the wild for the first time. The next month, Microsoft officially acknowledged the vulnerability and blamed a government-backed hacking organisation.

To this day, Rackspace’s hosted Microsoft Exchange service still hasn’t recovered from the problems that have plagued it. As a means of minimising interruption, the organisation is in the process of migrating its Hosted Exchange clients to Microsoft 365.

Rackspace warned that its hosted exchange business, which brings in about $30 million annually, might see revenue drop as a consequence of the ransomware attack. The firm said that it may incur extra expenses in responding to the crisis.