Rackspace-Hosted Exchange Service Gets Hit with Ransomware Attack

Rackspace's hosted Microsoft Exchange e-mail service was disrupted by a ransomware attacks, the managed services provider confirmed on Tuesday

The attack was initially described by San Antonio, Texas-based Rackspace on Friday, Dec. 2 as "connectivity issues" that were affecting its hosted Exchange service, per its service status log. On that day, Rackspace actually shut down that service. It indicated then that "a portion of our Hosted Exchange platform" had been affected.

Rackspace also on Dec. 2 began helping its customers move to the Microsoft 365 service.

"At no cost to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 until further notice," Rackspace told its hosted Exchange customers at that time.

Later, on Dec. 5, Rackspace communicated that it had moved thousands of its hosted Exchange customers to Microsoft 365, restoring their e-mail service:

We have successfully restored email services to thousands of customers on Microsoft 365 and continue to make progress on restoring email service to every affected customer. At this time, moving to Microsoft 365 is the best solution for customers who can now also implement temporary forwarding.

Rackspace's own branded e-mail service and other services apparently were not affected by the ransomware attack, per a statement in the company's press release:

Based on the investigation to date, Rackspace Technology believes that this incident was isolated to its Hosted Exchange business. Rackspace Technology's other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform.

Rackspace is still estimating the damage from the attack, but it suggested the ransomware attack could affect its hosted Exchange business, including a substantial revenue loss for the company. Its hosted Exchange business "generates approximately $30 million of annual revenue in the Apps & Cross Platform segment," the company's announcement explained.

Rackspace indicated in its service incident log that it had put "roughly 1000 support Rackers" on call on a "24/7 basis" to assist its hosted Exchange customers move to the Microsoft 365 service.

Rackspace has "engaged a leading cyber defense firm to investigate" the ransomware incident, and is planning to post updates "as warranted." The investigation was said to be in its "early stages," and it wasn't clear if any data were affected by the attack. It is continuing to monitor for suspicious activities.

"If we determine sensitive information was affected, we will notify customers as appropriate," Rackspace indicated.

Rackspace isn't offering an estimate on when its hosted Exchange service may be restored.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Red Brick Graphic

    Microsoft To Pour Millions into Partner Incentives, Azure and Security in FY2025

    Microsoft's inaugural MCAPS Start for Partners event took place this week, marking the beginning of its fiscal 2025.

  • New Microsoft Security Releases Aim To Smooth the Road to Zero Trust

    IT teams often juggle multiple tools to monitor and maintain the security of their environments. Two new products released by Microsoft this week aim to consolidate their toolboxes and help organizations achieve zero trust faster.

  • Antitrust Worries Hound Microsoft Off OpenAI's Board: Report

    In a move likely meant to assuage antitrust regulators' concerns, Microsoft on Wednesday stepped down from its role as a non-voting OpenAI board member.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.