Rackspace Technology has disclosed to the Security and Exchange Commission (SEC) in multiple 10Q filings that its losses from a single ransomware attack had reached nearly $11 million and could go higher.
To offset some of those losses, Rackspace expects its cyber insurance policy will cover about $5.4 million of the costs.
Attack Knocks Out Customers' Email
In early December 2022, the cloud hoster was hit by a Hosted Exchange hijack that knocked out email service to thousands of customers, most of which were small- to medium-sized businesses (SMBs). On December 6, four days after the incident, the company acknowledged that the attack may result in a substantial loss of revenue.
The Hosted Exchange email business is a managed email solution provided to SMBs and represents approximately 1% of the company’s total annual revenue.
Rackspace Hires CrowdStrike to Investigate
To conduct the security investigation of the Hosted Exchange attack, Rackspace hired cyber protector CrowdStrike and other supplemental support staff, although the specific MSSP and incident response companies were not named.
“The firm confirmed that the [Dec 2022] incident was quickly contained and limited solely to the Hosted Exchange email business,” Rackspace said.
At the end of last year, Rackspace had taken losses of $5.9 million related to the Hosted Exchange ransomware kidnap, according to a 10Q disclosure.
In a newly filed 10Q, Rackspace confirmed that through September 30, 2023 it had recorded an additional $5 million in losses related to the Hosted Exchange cyber event, including third party security experts deployed to provide support to customers. These costs also included investigation, remediation, legal, and other expenses tied to the security extortion.
During the three-month period ended March 31, 2023, Rackspace recorded $3.2 million of expenses related to the Hosted Exchange incident. In the second quarter, the company reported losses of $1.7 million related to the event. Rackspace has posted losses of nearly $11 million due to the incident.
Mounting Costs, Lawsuits
Legal and professional costs, including supplemental staff to help with customer support will likely drive the cumulative total even higher. As Rackspace stated:
“We are named in several lawsuits in connection with the December 2022 ransomware incident, which caused service disruptions on our Hosted Exchange email business. The pending lawsuits seek, among other things, equitable and compensatory relief… at this early stage in the proceedings, we are not able to determine the probability of the outcome of these matters or a range of reasonably expected losses, if any."
Rackspace blamed the Play crew for the intrusion, and said the cyber crooks broke in after exploiting CVE-2022-41080, a critical Exchange privilege escalation bug, ahead of Microsoft issuing a patch.