Security News > 2023 > January > Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.
"We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future," Rackspace noted in its final update on the concluded forensic investigation.
Customers attempting to connect to Rackspace's Hosted Exchange environment started having trouble on December 2, 2022, and soon enough the company confirmed that a security breach had taken place, due to a ransomware attack.
While the company is set to deliver within two weeks an on-demand solution for those customers who wish to download their archived data, there can be no going back to using the Rackspace Hosted Exchange service.
Customers who don't want to or can't migrate to Microsoft 365 - but still have faith in the company's security capabilities - have been pointed towards the Rackspace Email service.
Trend Micro researchers have documented Play ransomware's attack playbook in September 2022, but obviously the ransomware group's initial access capabilities have been improved with the use of this new Exchange exploit chain - and Rackspace suffered as a consequence.
News URL
Related news
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- Lessons from a Ransomware Attack against the British Library (source)
- Jackson County in state of emergency after ransomware attack (source)
- Panera Bread week-long IT outage caused by ransomware attack (source)
- The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)
- The Drop in Ransomware Attacks in 2024 and What it Means (source)
- Change Healthcare faces second ransomware dilemma weeks after ALPHV attack (source)
- CL0P's Ransomware Rampage - Security Measures for 2024 (source)
- Daixin ransomware gang claims attack on Omni Hotels (source)