Thursday, February 2, 2023
Home Technology World News Rackspace: Hackers Obtained Customer Data In Ransomware Attack | CRN

World News Rackspace: Hackers Obtained Customer Data In Ransomware Attack | CRN

by Sophie LAMOTTE
0 comment

world news

Security News

Mark Haranas

Rackspace Technology confirms that the threat actors behind last month’s ransomware attack gained access to dozens of customers data. The company also said it will stop its Hosted Exchange service.


Rackspace Technology has confirmed hackers gained access to data from 27 customers during December’s ransomware attack, which caused massive outages for thousands of customers.

“Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers,” said Rackspace today in its latest incident response update.

The San Antonio, Texas-based cloud company said the threat actor, known as PLAY, accessed PST files that are usually used to store backup and archived copies of contacts, emails and events from Exchange accounts.

[Related: Rackspace: FBI, CrowdStrike Make Progress In Attack Probe]

Rackspace said it has already let its 27 affected customers know about these findings, adding that there is no evidence the threat actor “actually viewed, obtained, misused or disseminated emails or data in the PSTs” for any of these customers.

“We will continue working to recover all data possible as planned, however, in parallel, we are developing an on-demand solution for those customers who do still wish to download their data,” Rackspace said.

The company expects the on-demand solution to be available within the next two weeks.

Root Cause Of Rackspace Ransomware Attack

On Dec. 6, Rackspace was hit with a ransomware attack that caused a massive outage at the multicloud technology company.

The ransomware attack affected its hosted Exchange environment which caused a loss of email services for thousands of customers.

Rackspace today said that while there has been speculation that the root cause of this incident was the result of the ProxyNotShell exploit, “we can now definitively state that is not accurate.”

The forensic investigation determined that the threat actor, known as PLAY, used a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.

“This zero-day exploit is associated with CVE-2022-41080. Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a Remote Code Execution chain that was exploitable,” Rackspace said today.

Hosted Exchange Service To Discontinue

Rackspace said it will discontinue its Hosted Exchange service.

“The Hosted Exchange email environment will not be rebuilt as a go-forward service offering,” the cloud company said.

Even prior to the ransomware security breach, the Hosted Exchange email environment had already been planned for migration to Microsoft 365.

There will be no price increase for Hosted Exchange customers if they choose to move to Microsoft 365 and select a plan with the same capabilities as they currently have, according to Rackspace.

“Every Hosted Exchange customer has the option to migrate and pay exactly what they are paying today or even slightly lower costs and have the same capabilities,” Rackspace said.

 Learn About Mark Haranas

Mark Haranas

Mark Haranas is an assistant news editor and longtime journalist now covering cloud, multicloud, software, SaaS and channel partners at CRN. He speaks with world-renown CEOs and IT experts as well as covering breaking news and live events while also managing several CRN reporters. He can be reached at [email protected].

You may also like


Soledad is the Best Newspaper and Magazine WordPress Theme with tons of options and demos ready to import. This theme is perfect for blogs and excellent for online stores, news, magazine or review sites. Buy Soledad now!

u00a92022 Soledad, A Media Company – All Right Reserved. Designed and Developed by Penci Design

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy