On Dec. 2, cloud computing company Rackspace Technology reported an outage affecting the hosted Microsoft Exchange accounts of tens of thousands of companies. After two weeks, the outage continues, preventing users across North America from accessing their email inboxes, contact lists, or calendars.
In the immediate wake of the outage, Rackspace revealed little about it, other than to say they had disabled their Exchange servers and shut down all impacted environments, including potential backups of affected data. Impacted users took to social media to vent their concerns while flooding Rackspace’s overwhelmed customer support portals with pleas for information.
Finally, one week later, Rackspace revealed that the outage was caused by a ransomware attack. An outside advisor working with the company to mitigate the effects of the attack said only that “a criminal, financially motivated group” had executed the attack.
Beyond that, Rackspace has not revealed how the cybercriminals accessed their servers, the quantity of data stolen, whether a ransom has been paid to retrieve that data, or even a suspected motivation for the attack. On Dec. 16, Rackspace did reveal that they would start restoring customers’ access to lost data.
But Josh Prewitt, Chief Product Officer at the company, admitted to the San Antonio Express-News that data retrieval from internal backups would start with only “a handful of customers.” When pressed for details, he added, “We’re talking about large amounts of data here and lots of customers,” declining to pinpoint how long the process would take or how many Exchange accounts had been affected.
What can email users do to access their information?
Immediately after the outage was announced, Rackspace encouraged users to upgrade from Microsoft Exchange to Microsoft 365 so that they could resume normal email operations. Spokespeople for Rackspace said nearly 75% of affected users had chosen that option.
Some Rackspace customers did have access to email archiving, allowing them to download their own email history. But that optional service cost extra, meaning many users never thought it necessary to pay for it. For them, email history before Dec. 2 is presumed lost — unless Rackspace can recover it from its own internal backups, a process that still hasn’t been confirmed. If users accessed their email through a desktop application like Microsoft Outlook, Rackspace said there is a chance that a local copy of archived data could exist on their desktops. But those copies can be hard to find and harder to reinstate without the help of a trusted IT provider.
No matter what, losing access to potentially years of email activity represents a major double whammy for those already concerned that their private communications have ended up in the hands of cybercriminals.
How will Rackspace be affected?
Beyond the criticism aimed at the company by aggrieved users venting their frustrations on social media, the reputational impacts of this ransomware attack could be severe. Hundreds of users filed a consolidated class action lawsuit in San Antonio’s U.S. District Court alleging that the company failed to protect sensitive data. State regulators could also investigate the company and its response to the incident.
Rackspace has said it’s working closely with the FBI to coordinate its response to the ransomware attack, but the FBI has neither confirmed nor denied its involvement. And many have blasted Rackspace’s communications (or lack thereof) on the matter — especially when it comes to email services, regarded as one of the most crucial services for businesses.
What actions can be taken to mitigate future ransomware attacks like this one?
No single step can completely prevent such cybersecurity debacles. But a multi-tiered approach can keep your business, your data, and your email safe. Here are four strategies that CMIT Solutions recommends:
1. Back your data up in a variety of ways. Instead of just a one-size-fits-all approach, reliable data backup should be customized to fit your information architecture and business needs. Some companies prioritize backups based on what data is most vulnerable or needed for crucial day-to-day operations — essentially, the information you can’t live without. Based on those decisions, CMIT Solutions can help with different types of services: physical data backups stored on onsite hardware, cloud-based backups stored in redundant virtual locations, and location-specific backups that capture new images of information each day. These processes should always run automatically in the background so that backup snapshots can be easily confirmed without giving this critical process a second thought.
2. Know how to quickly recover your data in the event of an emergency. If Rackspace had quickly restored lost information to affected users, the impacts of its ransomware attack could have been mitigated. That’s why CMIT Solutions specializes in intelligent data recovery that can be implemented in hours or even minutes. We test data retrieval protocols often so that specific steps are easy to execute. We use incremental virtualization so that key chunks of data can be reinstalled quickly before an entire backup chain is completed. We encrypt all stored information with industry-leading, compliance-friendly protection. And we can even set up virtual environments so that businesses can keep functioning in the face of a total system outage like the one Rackspace faced.
3. Protect all systems with multi-layered cybersecurity. Rackspace claims that the ransomware attack only affected their hosted Exchange servers. But security experts find it hard to believe that other parts of their systems weren’t also impacted. That’s why CMIT Solutions provides multi-layered security to its clients. This method is often referred to as “defense in depth,” or DID — essentially, multiple defense mechanisms protect valuable systems and information. If one layer fails, the others step in to prevent a breach or loss of data. Common layers include perimeter defenses like firewalls and multi-factor authentication, proactive monitoring like anti-malware and DNS filtering, and security training for password policies and phishing protection.
As we close out 2022 and look ahead to 2023, digital threats still abound. If your business wants to start the New Year with enhanced cybersecurity and extra protection from ransomware attacks like the one that affected Rackspace, contact CMIT Solutions today. We go the extra mile to safeguard email accounts, reliably archive data, and provide proactive IT support to keep you safe.