It appears that attacks on Rackspace’s email service have calmed down since the FBI started investigating.
Rackspace has confirmed that it has restored email service to two-thirds of its customers since the outage was reported nearly two weeks ago. But the company signalled Wednesday that the outage is still impacting thousands of other customers on its Hosted Exchange.
CrowdStrike has confirmed no further attacker activity within Rackspace’s Hosted Exchange environment.
The FBI’s entry into the investigation was first reported by Barron’s, which reported that “tens of thousands” of clients were ultimately impacted by the attack.
Writing in its bog, Rackspace said it was continuing to make all of its internal and external resources available to provide support to the remaining Hosted Exchange customers, including additional surge staff and a Microsoft Fast Track team deployed to supplement our Rackspace work force.
The firm said: “Please know that we are also continuing to work alongside external resources on our data recovery efforts. We understand how important data recovery is to our customers. In ransomware attacks, data recovery efforts do necessarily take significant time, both due to the nature of the attack and need to follow additional security protocols. We will continue to keep you updated on these efforts.”
In its Wednesday blog post, Rackspace reported that cybersecurity giant CrowdStrike has “confirmed that they have obtained very good visibility throughout the entire Rackspace environment”.
As a result, that visibility has enabled CrowdStrike to confirm that the “attack was limited to the Hosted Exchange environment” initially reported by Rackspace in the days immediately after the attack.
“CrowdStrike has confirmed that there have been no signs of attacker activity in the Hosted Exchange environment since the ransomware attack on December 2, 2022”, the company reported.