Cloud computing giant Rackspace has confirmed that it has been hit by a ransomware attack that has left a number of its customers without access to email.
Rackspace’s hosted Microsoft Exchange service started experiencing problems on Friday last week. At the time, Rackspace posted a notice on its status page saying that due to a “security incident,” it had “powered down and disconnected” the service. In an update published on Tuesday, Rackspace has confirmed that a ransomware attack is behind the ongoing outage.
“As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the company said in a statement on Tuesday. “We have since determined this suspicious activity was the result of a ransomware incident.”
Rackspace says that the investigation, led by an unnamed cyber defense firm, is in its early stages and that the company has yet to determine “what, if any, data was affected.” The company added that if it determines that sensitive information was affected, it will “notify customers as appropriate.”
When asked by TechCrunch, Rackspace spokesperson Natalie Silva declined to share any more information about the nature of the incident or how the hackers were able to compromise its systems.
However, security researcher Kevin Beaumont believes the incident may involve exploitation of the Microsoft Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082, better known as ProxyNotShell. ProxyNotShell first came to light in August after Vietnamese cybersecurity company GTSC observed it being exploited in the wild. Microsoft confirmed exploitation the following month and linked it to a state-sponsored hacker group.
The issues affecting Rackspace’s hosted Microsoft Exchange service remains ongoing at the time of writing. The company is currently moving its Hosted Exchange customers over to Microsoft 365 to limit disruption.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Rackspace noted that the ransomware incident could result in lost revenue for its hosted exchange business, which generates about $30 million a year. The company added that it could have incremental costs associated with its response to the incident.
