Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack

Alex Scroxton


Published: 07 Dec 2022 10:09

Rackspace has confirmed that an ongoing outage affecting its hosted Microsoft Exchange customers is the result of a ransomware attack against its Hosted Exchange environment, carried out by an unspecified group.

The outage was first reported at 7.49 am GMT on Friday 2 December, when Rackspace began investigating reports of connectivity issues affecting its Microsoft Exchange environments, which led to users hitting an error when they tried to access the Outlook Web App and sync their email clients.

In the interim, it has been giving customers access to Microsoft 365 as a substitute, and says it has now moved tens of thousands of users and domains across. As of its last update, published at 1.26 pm GMT on 6 December, it is unable to provide a timeline for when it may be able to restore Hosted Exchange services.

In a statement, a Rackspace spokesperson said: “Rackspace Technology today revealed a ransomware event impacting its Hosted Exchange environment, which is triggering service interruptions for the business’s Hosted Exchange clients.

“Alongside the Rackspace Technology internal security group, the business has actually engaged a leading cyber defence company to examine. Instantly upon discovering the occurrence, the business took proactive procedures to separate the Hosted Exchange environment to contain the occurrence.”

Based on its investigation so far, the company believes the incident has been isolated to its Hosted Exchange service. Its other products and services remain fully operational and there appears to have been no impact to its Email product line or platform. As a precautionary measure, it has put additional security measures and monitoring in place.

The spokesperson said: “Rackspace Technology remains in continuous interaction with Hosted Exchange consumers to assist them move to a brand-new environment as rapidly as possible. Rackspace Technology has actually increased assistance personnel and will be taking extra actions to assist guide clients through this procedure in order to restrict the effect to their own operations.

“Although Rackspace Technology remains in the early phases of examining this event, the occurrence has actually triggered, and might continue to trigger, a disruption in its Hosted Exchange service and might lead to a loss of earnings for the Hosted Exchange company, which produces roughly $30m of yearly earnings in the Apps & Cross Platform sector. In addition, Rackspace Technology might have incremental expenses related to its action to the occurrence.”

Commenting on the incident, Barrier Networks managing CISO Jordan Schroeder said: “This newest upgrade from Rackspace will leave a lot of the business’s consumers extremely worried that their information is now in the hands of cyber bad guys.

“If this holds true, countless businesses throughout the world will feel the repercussions of this attack, and it will once again highlight that when an organisation is handling the obligation of saving or hosting information coming from organizations, it has an even higher responsibility to keep it protected.”

Schroeder said that until more becomes known, it would be sensible for Rackspace Hosted Exchange customers to take additional precautions themselves, in particular to implement additional monitoring on their own networks and to deploy dark web intelligence in case their data has been exfiltrated.

Meanwhile, independent security researcher and analyst Kevin Beaumont presented limited evidence suggesting that the attack may have begun with exploitation of the so-called ProxyNotShell attack chain.

Writing on the Medium blogging platform, Beaumont, who coined the term ProxyNotShell himself, said he had extrapolated evidence from Shodan data that appears to show Rackspace’s Exchange cluster was exposing long build numbers dating back to August, before the issue was patched in November’s Patch Tuesday update.

ProxyNotShell comprises two zero-day vulnerabilities, CVE-2022-41040, a remote code execution (RCE) vulnerability, and CVE-2022-41082, an elevation of privilege (EoP) vulnerability. Chained together, they can be used to gain access to vulnerable Microsoft Exchange Servers.

A link to the Rackspace incident has not been proven and the company has made no statement regarding the cause of the attack at this stage.
