On the 12th day of the Rackspace email disaster, it did not give to me …
… a working Exchange inbox tree
Updated There's no end – or restored data – in sight for some Rackspace customers now on day 12 of the company's ransomware-induced hosted Exchange email outage.
In the service provider's most recent update, posted at 0844 Eastern Time on Wednesday, Rackspace said it had hired CrowdStrike to investigate the fiasco, and noted it continues "to make all of our internal and external resources available to provide support to the remaining Hosted Exchange customers."
Rackspace did not, however, say if or when it expects to recover people's data that was lost or scrambled when ransomware hit its systems – an attack that took down some of Rackspace's hosted Microsoft Exchange services on December 2. Since then, affected customers have been unable to get at their data held in the hosted service.
"We understand how important data recovery is to our customers," Rackspace wrote. "In ransomware attacks, data recovery efforts do necessarily take significant time, both due to the nature of the attack and need to follow additional security protocols. We will continue to keep you updated on these efforts."
Here's a flavor of the customer sentiment right now:
Not a single comment on the FAQ saying why you havent restored from backups? Do you not have any? If not why did you not have them conforming to best practice?— JimtheITGuy (@JimtheITguy) December 14, 2022
The company also claimed to have transitioned more than two thirds of its customers to Microsoft 365, and, as it has in previous updates, Rackspace urged customers to migrate their users and domains to this environment.
"As a reminder, if you have not yet transitioned to Microsoft 365 or have not fully completed the transition, please leverage our support channels by either joining us in chat or by calling +1 (855) 348-9064 (INTL: +44 (0) 203 917 4743)," the update said. "Wait times continue to average less than 30 minutes."
Some users, however, say it's much longer. One Reg reader, Erin Lutz, told us that she hung up after being on hold for two hours and 40 minutes.
"If you are a Rackspace user, you have likely migrated to something else now to restore email to your domain," she said in an email to El Reg, adding that the biz's support team hasn't been very supportive. She told us:
If you want your email history prior to Sunday 12/4 or whenever it was that you moved to something else, you have to lob in a support request to Rackspace – and they advise that this email history may or may not return at some point – or you have the option of PAYING Rackspace's partner Barracuda Networks for the privilege of getting your email history restored. So basically, along with the hack of your data that may be out there in some nefarious users' hands due to the Rackspace ransomware hack, Rackspace users are also being extorted by Rackspace to get their own email history back.
Rackspace did not respond to The Register's inquiries about these claims, or anything else related to the ongoing outage.
Barracuda Networks also did not respond to The Register's questions about whether Rackspace customers have to pay to get their email history restored.
- Rackspace confirms ransomware attack behind days-long email meltdown
- Rackspace customers rage as email outage continues and migrations create migraines
- Rackspace rocked by 'security incident' that has taken out hosted Exchange services
- This ransomware gang is a right Royal pain in the AES for healthcare orgs
The hosting company still hasn't said how many customers were affected by the ransomware infection. But in today's update – and in a December 9 filing with the US Securities and Exchange Commission – Rackspace said CrowdStrike confirmed the intrusion was limited to the hosted Microsoft Exchange environment.
"CrowdStrike has also confirmed that there have been no signs of attacker activity in the Hosted Exchange environment since the ransomware attack on December 2, 2022," Rackspace noted in today's update. "We are also continuing to support the FBI's investigation into the attack."
Previously, Rackspace has said that its hosted Exchange email business comprises about one percent of its total annual revenue. In a December 6 SEC filing, the cloud outfit said the attack "may result in a loss of revenue" to this part of the biz, which brings in about $30 million annually. "In addition, the company may have incremental costs associated with its response to the incident," it noted in its Form 8-K. ®
Updated to add on December 16
A spokesperson for Rackspace has been in touch in an attempt to clarify whether people will have to pay to recover their data. The PR told us:
Customers who previously purchased the Barracuda archiving service and have archived emails are still able to access them.
Additionally, if Hosted Exchange customers have been using a desktop application, for example Microsoft Outlook, as their email client, a local copy of those customers' data may be available on their desktop computer.
If neither of these options are applicable, internal technical experts at Rackspace are working together with external data recovery resources, to diligently work on our data recovery efforts. Customers will not be charged for retrieving or accessing that data.