Skip links

Rackspace racks up $12M bill in ransomware raid recovery

Rackspace’s costs from last year’s ransomware infection continue to mount: the cloud hosting biz told America’s financial watchdog, the SEC, its total expenses to date regarding that cyberattack have reached $12 million – so far.

The extortionware raid on the IT provider, initially described as a “security incident,” hit Rackspace’s hosted Microsoft Exchange on December 2, 2022, shutting down email services to thousands of customers, most of whom were small and mid-sized businesses.

Four days later, the corporation determined that a ransomware infection was responsible for the email meltdown, which lasted into January. Rackspace ultimately blamed the Play crew for the intrusion, and said the miscreants broke in after exploiting CVE-2022-41080, a critical Exchange privilege escalation bug, before Microsoft could issue a fix.

In its most recent 10-Q quarterly report to the SEC, Rackspace said it racked up $5.1 million in ransomware-related expenses between April and September 30, 2023. These costs included investigation, remediation, legal and other expenses tied to the security snafu.

Also during this nine-month period, Rackspace received $5.4 million in insurance payouts.

However, per the 10-Q, the ongoing lawsuits filed in response to the email disruption may mean an even bigger financial hit:

Rackspace declined to comment on its ransomware-related losses and legal battles.

“Rackspace Technology does not disclose any information regarding pending litigation other than what may be required in connection with our SEC filings,” a spokesperson told The Register.

In an earlier quarterly expense report, Rackspace told the SEC that it had spent $6.6 million in ransomware-related costs. This brings the total spent to date to $11.7 million. ®

Source