Hackers Behind Ransomware Attack on Rackspace Accessed Customer Data

/in


The hackers behind the ransomware attack on cloud computing provider Rackspace also accessed the email data of a small subset of customers. 

Attackers had access to the Personal Storage Table for 27 Hosted Exchange customers on Rackspace, the company reported on Thursday. The same storage table contains calendar events, contacts, and email messages, putting affected customers at serious risk of data exposure. 

However, Rackspace added: “There is no evidence that the threat actor actually viewed, obtained, misused, or disseminated emails or data in the PSTs for any of the 27 Hosted Exchange customers in any way,” citing forensic findings from cybersecurity from Crowdstrike. 

Texas-based Rackspace provided the update a month after a ransomware attack disrupted access to its Hosted Exchange business, which offers cloud-based email services to 30,000 clients. Rackspace is now blaming the attack on a relatively new ransomware gang called Play. 

The company’s forensic investigation found that the group used a previously unknown attack method in Microsoft Exchange Server to gain access to Rackspace’s Hosted Exchange systems. The attack method is actually connected to the CVE-2022-41080 vulnerability, which was disclosed in November and can give a hacker elevated privileges once inside an Exchange Server environment. However, Rackspace discovered the hackers also used the flaw to help them execute rogue computer code over the company’s systems.

Crowdstrike spotted the ransomware gang Play exploiting the same attack vector to attack victims. However, it noted that installing a November patch can stop the threat—an indicator that Rackspace was slow to install security updates for its Hosted Exchange systems. 

In responding to the breach, Rackspace says it will abandon its Hosted Exchange email environment. Instead, the company is proceeding with existing plans to migrate customers’ accounts to Microsoft 365. Meanwhile, Rackspace Email will be offered as an alternative to clients, who wish to remain off Microsoft 365.

“While the Hosted Exchange email environment was a small part of our business, it represents thousands of long-time and loyal customers whom we deeply…

Source…