Security News > 2023 > January > Rackspace ransomware attack was executed by using previously unknown security exploit

The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.

"We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future," Rackspace noted in its final update on the concluded forensic investigation.

Customers attempting to connect to Rackspace's Hosted Exchange environment started having trouble on December 2, 2022, and soon enough the company confirmed that a security breach had taken place, due to a ransomware attack.

While the company is set to deliver within two weeks an on-demand solution for those customers who wish to download their archived data, there can be no going back to using the Rackspace Hosted Exchange service.

Customers who don't want to or can't migrate to Microsoft 365 - but still have faith in the company's security capabilities - have been pointed towards the Rackspace Email service.

Trend Micro researchers have documented Play ransomware's attack playbook in September 2022, but obviously the ransomware group's initial access capabilities have been improved with the use of this new Exchange exploit chain - and Rackspace suffered as a consequence.

News URL

https://www.helpnetsecurity.com/2023/01/09/rackspace-ransomware-attack-was-executed-via-previously-unknown-security-exploit/