Skip links

Rackspace confirms ransomware attack behind days-long email outage

Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers. 

The security snafu took down some of Rackspace’s hosted Microsoft Exchange services on Friday afternoon. In its most recent update, posted at 0826 Eastern Time on Tuesday, Rackspace said it has now “determined this suspicious activity was the result of a ransomware incident,” and has hired a “leading cyber defense firm to investigate.”

The company hasn’t yet determined what customer data was touched. “If we determine sensitive information was affected, we will notify customers as appropriate,” it added.

Rackspace reiterated that the intrusion was isolated to its hosted Exchange businesses, and noted no impact to Rackspace Email and its other products.

As it has in previous updates, Rackspace urged customers to migrate their users and domains to Microsoft 365, and admitted it doesn’t have a timeline for restoring the hosted Exchange email services. An earlier update posted on Monday claimed to have helped “thousands of customers move tens of thousands of users” to Microsoft 365.

Rackspace declined to answer The Register‘s questions about how many customers were affected, who is responsible for the ransomware attack, how they breached the network, or the payment demanded, among others.

In an emailed statement, the spokesperson repeated much of what has already been said in the incident report:

However, the spokesperson did clarify a point from a press release issued today about the ransomware attack that indicated the incident may result in a loss of revenue for its hosted Exchange biz, which Rackspace said brings in about $30 million annually. The press release also noted that the company may be on the hook for “incremental costs” related to incident response.

These costs will not be passed on to Rackspace customers, according to the spokesperson. ®