fbpx
Thursday, February 2, 2023 | 09:06 am

Rackspace Admits That a Small Number of Its Hosted Exchange Customers Were Affected by the Ransomware Attack

0
Rackspace Admits That a Small Number of Its Hosted Exchange Customers Were Affected by the Ransomware Attack

Rackspace earlier this week confirmed that Play ransomware was the threat actor behind the attack. The attackers used an exploit associated with CVE-2022-41080 that used Outlook Web Access as an entry point. 

The company said the investigation by CrowdStrike, as well as the FBI and other experts, indicated the attack was not related to widespread reports linking it to ProxyNotShell. 

CrowdStrike researchers found the attackers, in an attack method dubbed OWASSRF, were going around prior mitigations developed by Microsoft to protect against ProxyNotShell. 

Rackspace has not commented on whether any specific ransom was paid or whether it obtained a decryptor. 

Most of Rackspace’s Hosted Exchange customers were small and medium-sized businesses, along with individual customers. The ransomware attack disrupted critical business emails for many customers, leading to consolidated class action litigation filed in U.S. District Court in Texas. 

Executives at Clumio said last month the Rackspace attack helped underscore the need to change the way organizations store and protect data. 

“Data protection and recovery need to keep up with the gigantic scale and speed of ingest, retrieval and backing up data continuously,” Woon Ho Jung, co-founder and CTO at Clumio said in a statement.

Rackspace said it will continue efforts to recover historical data and is developing an on-demand solution for customers who still want to download their data.

Rackspace does not plan to rebuild the Hosted Exchange environment and has been moving customers to Microsoft 365. 

98,656FansLike
643FollowersFollow
9,151FollowersFollow