Rackspace-Hosted Exchange Service Gets Hit with Ransomware Attack

Rackspace's hosted Microsoft Exchange e-mail service was disrupted by a ransomware attacks, the managed services provider confirmed on Tuesday

The attack was initially described by San Antonio, Texas-based Rackspace on Friday, Dec. 2 as "connectivity issues" that were affecting its hosted Exchange service, per its service status log. On that day, Rackspace actually shut down that service. It indicated then that "a portion of our Hosted Exchange platform" had been affected.

Rackspace also on Dec. 2 began helping its customers move to the Microsoft 365 service.

"At no cost to you, we will be providing you access to Microsoft Exchange Plan 1 licenses on Microsoft 365 until further notice," Rackspace told its hosted Exchange customers at that time.

Later, on Dec. 5, Rackspace communicated that it had moved thousands of its hosted Exchange customers to Microsoft 365, restoring their e-mail service:

We have successfully restored email services to thousands of customers on Microsoft 365 and continue to make progress on restoring email service to every affected customer. At this time, moving to Microsoft 365 is the best solution for customers who can now also implement temporary forwarding.

Rackspace's own branded e-mail service and other services apparently were not affected by the ransomware attack, per a statement in the company's press release:

Based on the investigation to date, Rackspace Technology believes that this incident was isolated to its Hosted Exchange business. Rackspace Technology's other products and services are fully operational, and the company has not experienced an impact to its Email product line and platform.

Rackspace is still estimating the damage from the attack, but it suggested the ransomware attack could affect its hosted Exchange business, including a substantial revenue loss for the company. Its hosted Exchange business "generates approximately $30 million of annual revenue in the Apps & Cross Platform segment," the company's announcement explained.

Rackspace indicated in its service incident log that it had put "roughly 1000 support Rackers" on call on a "24/7 basis" to assist its hosted Exchange customers move to the Microsoft 365 service.

Rackspace has "engaged a leading cyber defense firm to investigate" the ransomware incident, and is planning to post updates "as warranted." The investigation was said to be in its "early stages," and it wasn't clear if any data were affected by the attack. It is continuing to monitor for suspicious activities.

"If we determine sensitive information was affected, we will notify customers as appropriate," Rackspace indicated.

Rackspace isn't offering an estimate on when its hosted Exchange service may be restored.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Joins Amazon, Google, OpenAI and Other Tech Giants in AI Safety Pledge

    Over a dozen companies at the forefront of today's generative AI boom have agreed to a set of "AI safety commitments" as part of last week's AI Seoul Summit.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • SharePoint Embedded Becomes Generally Available

    After a six-month preview, SharePoint Embedded, an API-based version of SharePoint that developers and ISVs can use to embed Microsoft 365 capabilities into their apps, is now generally available.

  • Copilot in Microsoft 365 Getting Agents, Extensions and Team (Not Teams) Support

    Microsoft is adding more functionality to its Copilot AI assistant aimed at improving business collaboration, processes and workflows for Microsoft 365 users.