Dive Brief:
- Rackspace Technology confirmed that a financially motivated threat actor was behind the Dec. 2 ransomware attack, which disrupted email service to thousands of customers that use its Hosted Exchange service, the company said in an update Wednesday evening.
- The cloud services provider said the investigation by cybersecurity firm CrowdStrike and other cybersecurity experts, along with federal authorities, is nearing conclusion.
- Rackspace said it has very good visibility into the Hosted Exchange environment, and has no evidence of additional attacker activity since Dec. 2 or evidence of any lateral movement beyond the Hosted Exchange environment.
Dive Insight:
The San Antonio-based firm has continued to add customer service teams in an effort to move thousands of small- to medium-sized businesses onto Microsoft 365, after the ransomware attack disrupted its Hosted Exchange service.
Rackspace previously announced that more than two-thirds of Hosted Exchange customers had regained email access after it surged staff and brought in additional help from Microsoft FastTrack teams.
Customers have been complaining for weeks about what they say has been a lack of transparency and poor customer service following the incident, which the company initially called a service outage, before later confirming it as a ransomware attack.
The company has not named the threat actor or said whether a specific ransom was demanded or paid. The FBI has repeatedly urged companies in the past to come forward for assistance during ransomware attacks. The agency has often shared insights as to whether a threat is considered credible, can help ransomware victims obtain decryption keys and has in some instances helped organizations recover at least some of the proceeds that were extorted.
Meanwhile, a class action lawsuit filed against Rackspace in the U.S. District Court in San Antonio earlier this month by Garrett Stephenson was consolidated with another case, which added plaintiffs from multiple states.
The plaintiffs allege negligence, breach of implied contract and unjust enrichment, claiming Rackspace failed to secure their personally identifiable information.
Rackspace said through a spokesperson that it does not comment on pending litigation.