Content, Breach

Rackspace Hosted Exchange Ransomware Attack: Email Outage Timeline and Recovery Updates

Rackspace confirmed a Hosted Exchange ransomware attack has knocked out email service to customers. The attack "may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue," Rackspace disclosed on December 6 -- four days after the ransomware attack occurred.

Rackspace is a multi-cloud MSP. As of December 9, 2022 at 8:20 a.m. ET, the company is "unable to provide any timeline or expectations for restoration to the Hosted Exchange environment."

The security incident comes at a critical time for Rackspace. The San Antonio, Texas-based company ranks among the world's Top 250 Public Cloud MSPs. Still, Rackspace faces growth challenges on multiple business fronts. The evidence: Rackspace's market valuation is roughly $1.02 billion as of December 4, 2022 -- down roughly 65% over the past year, according to SeekingAlpha. Amid that backdrop, the company has overhauled its executive team, reorganized and considered potential asset sales over the past year.

Rackspace Hosted Exchange Outage: Microsoft 365 Workaround

As a workaround, the company is offering free Microsoft 365 subscriptions as a workaround to impacted customers. Moreover, Rackspace has mobilized 1,000 support professionals to help Hosted Exchange customers with the migrations to Microsoft 365 -- but that migration process involves manual tasks that have frustrated some customers.

To help mitigate the migration challenges, Rackspace is partnering with "Microsoft's Fast Track team to add resources to our extended team to better assist customers with troubleshooting and any technical questions."

Rackspace ($RXT) has hired "world-class external expertise" to assist with the security incident investigation, the company said, though specific MSSP and incident response company names were not disclosed. The incident started early on December 2. As of early December 6, Rackspace does not have an ETA for Hosted Exchange system recovery.

Rackspace Hosted Exchange Security Incident Timeline

Here is a timeline of the Rackspace Hosted Exchange security incident, investigation and email recovery efforts:

  • Friday, December 2, 2:49 a.m. ET: Rackspace discloses that it is investigating an "issue that is affecting our Hosted Exchange environments."
  • Friday, December 2, 9:38 a.m. ET: Rackspace says "All hands are on the deck & right resources have been engaged and are actively working on the issue."
  • Friday, December 2, 8:19 p.m. ET: Rackspace provides affected customers with free access to Microsoft Exchange Plan 1 licenses on Microsoft 365 "until further notice."
  • Saturday, December 3, 1:57 a.m. ET: Rackspace discloses that the Hosted Exchange outage involves a security incident, and the company has no ETA for resolution. The company vows to offer status updates every 12 hours.
  • Saturday, December 3, 2:31 p.m. ET: The company continues to work with "outside experts" to determine the full scope and impact of the incident.
  • Sunday, December 4, 12:37 a.m. ET: The company has engaged "world-class external expertise" in an effort to "minimize negative impacts to customers," and continues to recommend that Hosted Exchange customers migrate to Microsoft 365.
  • Sunday, December 4, 2;05 p.m. ET: Rackspace is "contacting every Hosted Exchange customer by phone" to assist customers through options, but the company did not say how much time that manual process will require.
  • Monday, December 5, 1:28 a.m. ET: The company continues to recommend migrating to Microsoft 365 as the "best solution" for Hosted Exchange outage customers. Thousands of migrations have now taken place since the Hosted Exchange outage, though the number of customers still dark remains undisclosed. Rackspace did not comment about the status of a potential Hosted Exchange restore.
  • Tuesday, December 6, 8:30 a.m. ET: Rackspace confirmed that the Hosted Exchange security incident was a ransomware attack. The company believes that this incident was isolated to its Hosted Exchange business. The attack "may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment.  In addition, Rackspace Technology may have incremental costs associated with its response to the incident," the company said.
  • Thursday, December 6: In multiple updates, Rackspace said it is working with Microsoft to speed Microsoft 365 migrations for affected Hosted Exchange customers, and there's no timetable for the Hosted Exchange restore amid the ongoing cyberattack investigation.
  • Stay tuned for more updates.

Rackspace Business Evolution

Rackspace was an early leader in the hosting market. But an ill-fated shift to OpenStack failed to compete against public cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud. In a major business pivot, Rackspace has spent recent years offering multi-cloud managed services and security services for customers that run AWS, Azure and Google Cloud workloads.

Note: Blog originally posted December 4, 2022. Updated regularly thereafter.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.