There’s no end – or restored data – in sight for some Rackspace customers now on day 12 of the company’s ransomware-induced hosted Exchange email outage.
In the service provider’s most recent update, posted at 0844 Eastern Time on Wednesday, Rackspace said it had hired CrowdStrike to investigate the fiasco, and noted it continues “to make all of our internal and external resources available to provide support to the remaining Hosted Exchange customers.”
Rackspace did not, however, say if or when it expects to recover people’s data that was lost or scrambled when ransomware hit its systems – an attack that took down some of Rackspace’s hosted Microsoft Exchange services on December 2. Since then, affected customers have been unable to get at their data held in the hosted service.
“We understand how important data recovery is to our customers,” Rackspace wrote. “In ransomware attacks, data recovery efforts do necessarily take significant time, both due to the nature of the attack and need to follow additional security protocols. We will continue to keep you updated on these efforts.”
Here’s a flavor of the customer sentiment right now:
Not a single comment on the FAQ saying why you havent restored from backups? Do you not have any? If not why did you not have them conforming to best practice?
— JimtheITGuy (@JimtheITguy) December 14, 2022
The company also claimed to have transitioned more than two thirds of its customers to Microsoft 365, and, as it has in previous updates, Rackspace urged customers to migrate their users and domains to this environment.
“As a reminder, if you have not yet transitioned to Microsoft 365 or have not fully completed the transition, please leverage our support channels by either joining us in chat or by calling +1 (855) 348-9064 (INTL: +44 (0) 203 917 4743),” the update said. “Wait times continue to average less than 30 minutes.”
Some users, however, say it’s much longer. One Reg reader, Erin Lutz, told us that she hung up after being on hold for two hours and 40 minutes.
“If you are a Rackspace user, you have likely migrated to something else now to restore email to your domain,” she said in an email to El Reg, adding that the biz’s support team hasn’t been very supportive. She told us:
Rackspace did not respond to The Register‘s inquiries about these claims, or anything else related to the ongoing outage.
Barracuda Networks also did not respond to The Register‘s questions about whether Rackspace customers have to pay to get their email history restored.
The hosting company still hasn’t said how many customers were affected by the ransomware infection. But in today’s update – and in a December 9 filing with the US Securities and Exchange Commission – Rackspace said CrowdStrike confirmed the intrusion was limited to the hosted Microsoft Exchange environment.
“CrowdStrike has also confirmed that there have been no signs of attacker activity in the Hosted Exchange environment since the ransomware attack on December 2, 2022,” Rackspace noted in today’s update. “We are also continuing to support the FBI’s investigation into the attack.”
Previously, Rackspace has said that its hosted Exchange email business comprises about one percent of its total annual revenue. In a December 6 SEC filing, the cloud outfit said the attack “may result in a loss of revenue” to this part of the biz, which brings in about $30 million annually. “In addition, the company may have incremental costs associated with its response to the incident,” it noted in its Form 8-K. ®