A ransomware attack at San Antonio-based Rackspace Technology has caused service disruptions for thousands of its customers.
The attack began last Friday, Dec. 2nd, and continues although the company reported Friday night that two-thirds of its customers’ services have been restored.
The ransom wear incident affected Rackspace’s Hosted Exchange Email business, which represents one percent of Rackspace’s total annual revenue and is comprised of primarily small and medium businesses that solely use this product, according to a filing with the Securities and Exchange Commission.
“No other Rackspace products, platforms, solutions, or businesses were affected or are experiencing downtime due to this incident,” according to Rackspace.
Rackspace hired a leading cyber defense firm to investigate along with its security team.
“Ransomware is a type of malicious software or malware that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return,” according to the Federal Bureau of Investigations. “Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.”
Computers can become infected with ransomware by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware, according to the FBI.
“Once the code is loaded on a computer, it will lock access to the computer itself or data and files stored there,” according to the FBI. “More menacing versions can encrypt files and folders on local drives, attached drives, and even networked computers.”
Rackspace has been working with its customers to migrate them to a new environment as quickly as possible, according to a news release.
“Rackspace maintains cybersecurity insurance commensurate with the size of its business, and is confident in its ability to absorb potential financial costs associated with the incident and fulfill its obligations to other customers,” according to a filing with the SEC.
“As of today, more than two-thirds of our customers on the Hosted Exchange environment are back on email,” according to Rackspace. “Every customer who has reached us has been offered support to transition to Microsoft 365.”
“We are continuing to make significant progress in our recovery efforts. We have engaged industry-leading global cybersecurity firm CrowdStrike to help investigate and remediate,” according to Rackspace. “Due to swift action on the Company’s part in disconnecting its network and following its incident response plans, CrowdStrike has confirmed the incident was quickly contained and limited solely to the Hosted Exchange Email business.”
Rackspace is still investigating the root cause of the incident.
Meanwhile, Rackspace faces two class action lawsuits filed on December 6th against the company last week in U.S. District Court for the Western District of Texas.
Chris Ondo, represented by Jon B. Ellis of Sadovsky & Ellis, filed a class action lawsuit against Rackspace seeking injunctive relief and damages for alleged negligence and breach of confidence.
In addition, Garrett Stephenson and Gateway Recruiting, LLC, represented by Cole & Van Note, filed a class action lawsuit, Stephenson, et al. v. Rackspace Technology, Inc. for negligence and related violations arising out of the email hosting provider’s recent high-profile data breach. In addition to monetary damages, the suit demands Rackspace Technology implement and maintain sufficient security protocols going forward so as to prevent future attacks.