Security News > 2023 > January > Rackspace blames ransomware woes on zero-day attack
Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack.
Rackspace said "More than half" of its customers who lost their hosted email service last month now have "Some or all of their data available to them for download," in its latest and final status update, posted today.
"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers," according to the update.
Four days later, Rackspace admitted a ransomware infection was to blame, and over the subsequent weeks the company has been moving customers to cloud-based Microsoft 365 and working to recover their pre-December 2 email data, which, for some customers, includes a decade's worth of old messages and contacts.
Rackspace still hasn't said how many customers were affected by the email outage, or when it expects to complete the data recovery process.
"As the process remains underway, we want to remind customers that due to the nature of the incident, certain elements of email and other data may remain unavailable to our customers," Rackspace warned in a December 27, 2022 update.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/05/rackspace_ransomware_gang/
Related news
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Rackspace internal monitoring web servers hit by zero-day (source)