Rackspace: FBI, CrowdStrike Make Progress In Attack Probe

‘Rackspace is continuing to make all of our internal and external resources available to provide support to the remaining Hosted Exchange customers’ without email services, company says

As the FBI probes the ransomware attack that knocked out email service for tens of thousands of Rackspace clients, the multicloud solutions provider reported Wednesday that CrowdStrike has confirmed there’s been no further attacker activity within Rackspace’s Hosted Exchange environment.

The Windcrest, Texas-based Rackspace has confirmed that it has restored email service to two-thirds of its customers since the outage was first reported nearly two weeks ago. But the company also signaled Wednesday that the outage is still impacting thousands of other customers on its Hosted Exchange.

In addition, Rackspace also acknowledged for the first time in one of its ongoing updates that the FBI has indeed launched its own investigation into the devastating incident.

“We are also continuing to support the FBI‘s investigation into the attack,” the firm reported on its blog.

The FBI’s entry into the investigation was first reported by Barron’s, which also reported that “tens of thousands” of clients were ultimately impacted by the attack.

[RELATED STORY: The 10 Hottest Cloud Security Tools And Products Of 2022]

“Rackspace is continuing to make all of our internal and external resources available to provide support to the remaining Hosted Exchange customers, including additional surge staff and a Microsoft Fast Track team deployed to supplement our Rackspace work force,” Rackspace said in its blog post.

The firm added: “Please know that we are also continuing to work alongside external resources on our data recovery efforts. We understand how important data recovery is to our customers. In ransomware attacks, data recovery efforts do necessarily take significant time, both due to the nature of the attack and need to follow additional security protocols. We will continue to keep you updated on these efforts.”

In its Wednesday blog post, Rackspace reported that cybersecurity giant CrowdStrike has “confirmed that they have obtained very good visibility throughout the entire Rackspace environment.”

As a result, that visibility has enabled CrowdStrike to confirm that the “attack was limited to the Hosted Exchange environment,” as fact initially reported by Rackspace in the days immediately after the attack.

“CrowdStrike has also confirmed that there have been no signs of attacker activity in the Hosted Exchange environment since the ransomware attack on December 2, 2022,” the company reported.

As if affairs weren’t bad enough for Rackspace customers struggling with their email woes, Rackspace sought to remind customers that it’s “common for scammers and cybercriminals to try to take advantage” of the ongoing confusion surrounding the attack.

In particular, officials are worried about phishing attacks, on top of the ransomware attack.

“Please be assured that while Rackers will continue to reach out to you to provide support in transitioning to Microsoft 365 and get your email back up and running, there are important ways that you can distinguish legitimate Racker outreach from unauthorized individuals claiming to be Rackers,” said Rackspace.

The firm proceeded to outline precautionary steps companies can take to avoid scams.