Rackspace, a cloud computing service provider, has confirmed that they have suffered a cyberattack on Thursday. The service already warned its customers in its hosted Microsoft Exchange environment. Rackspace is already working on bringing systems back online and is investigating the ransomware attack.
What Customers Should Watch Out For
According to Rackspace, the hackers could exploit the incident and use the information they stole for phishing attacks. The company is urging customers to login into their panel and create a ticket detailing the message they received in the event that they receive a suspicious one.
Although they are encouraging customers to be more careful, the service provider also said that there is no evidence that suggests increased risk brought by the cyberattack. Rackspace provides potential signs when you're actually interacting with a threat actor.
When someone claims that they are from or represent Rackspace, the email should come from an account with an "@rackspace.com" domain. However, there is still a chance that the threat actor might use a spoof email address, as mentioned in Bleeping Computer.
When contacted via phone call, do not provide information like login credentials or sensitive information like your social security number, driver's license, and more. Rackspace support will not ask forthis information.
The company advised customers to keep an eye out for their credit reports and banking account statements. If you do get emails with suspicious attachments or links, do not click them, as they may lead to a phishing page where your data could be breached.
Damage Brought By the Ransomware Attack
The company states that the incident only affected their Hosted Exchange business and that other products and services are online and ongoing. Just to be careful, they have placed additional security measures to monitor suspicious activity.
Rackspace is in contact with all the affected customers to assist them with transferring to a new environment, as well as limit any effects on their own business in regards to the cyberattack. This incident has affected the Hosted Exchange business of the company as well.
According to the service provider's press release, Rackspace may lose revenue due to the attack. The Hosted Exchange business is said to generate $30 million in revenue per year in its Apps & Cross platform.
No data from Rackspace has been published in any leak sites so far, which is usually what comes after failed negotiations in a ransomware attack. This may indicate that the company is still discussing the terms with the threat actors.
The Hosted Exchange customers are comprised of small to medium-sized businesses, and they don't have the staff to run an on-premise Exchange server. According to Malwarebytes, there are still several services that are affected within the Hosted Exchange environment, like MAPI/RPC, IMAP, SMTP, and ActiveSync.
Even if there is no evidence of a leak through websites where ransomware data tend to be exposed, affected customers should still be vigilant as the threat actors might use the stolen information to directly victimize Rackspace customers.