Our customer support teams will continue to work directly with customers to make their data available for download and remain on standby for any additional customer questions. Rackspace will continue to assist customers with choosing the best plan to meet their needs depending on the capabilities required for their businesses.Īs the forensic investigation has now concluded, we will no longer be posting updates to this status page. Also, Rackspace Email continues to be unaffected and is an alternative option for customers who do not wish to migrate to Microsoft 365. Every Hosted Exchange customer has the option to migrate and pay exactly what they are paying today or even slightly lower costs and have the same capabilities. There will be no price increase for our Hosted Exchange customers if they choose to move to Microsoft 365 and select a plan with the same capabilities as they currently have. Even prior to the recent security incident, the Hosted Exchange email environment had already been planned for migration to Microsoft 365, which has a more flexible pricing model, as well as more modern features and functionality. and we will be happy to assist you.įinally, the Hosted Exchange email environment will not be rebuilt as a go-forward service offering. As a reminder, we have prepared additional support resources that are available on our landing page ( ), but if your data is available and you are having trouble downloading it, please contact our support channels by either joining us in chat or by calling +1 (855) 348-9064 (INTL: +44 (0) 2). To check if your historical email data is available, please follow Step 2 on our Data Recovery Resources page ( ) and see if your mailbox is ready to download. Those PST files are now available through the customer portal. We expect that the on-demand solution will be available within two weeks.Īs a reminder, we are proactively notifying customers for whom we have recovered greater than 50% of their mailboxes. We will continue working to recover all data possible as planned, however, in parallel, we are developing an on-demand solution for those customers who do still wish to download their data. This indicates to us that many of our customers have data backed up locally, archived, or otherwise do not need the historical data. However, less than 5% of those customers have actually downloaded the mailboxes we have made available. As of today, more than half of impacted customers have some or all of their data available to them for download. Notably, this information does not impact the ongoing process of recovering historical email data for our Hosted Exchange email customers. Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor. We have already communicated our findings to these customers proactively, and importantly, according to CrowdStrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated emails or data in the PSTs for any of the 27 Hosted Exchange customers in any way. Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table ("PST") of 27 Hosted Exchange customers. We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future.Īs a reminder, no other Rackspace products, platforms, solutions, or businesses were affected or experienced downtime due to this incident. We urge all organizations and security teams to read the blog CrowdStrike recently published about this exploit and learn how to take action to protect your own organization, available at. Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a Remote Code Execution chain that was exploitable. This zero-day exploit is associated with CVE-2022-41080. The forensic investigation determined that the threat actor, known as PLAY, used a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. We have been diligent about this forensic investigation and prioritizing accuracy and precision in everything we say and do, because our credibility is important to us at Rackspace. While there has been widespread speculation that the root cause of this incident was the result of the ProxyNotShell exploit, we can now definitively state that is not accurate. We have recently completed our forensic investigation and are now in a position to share more information about the root cause and full scope of the incident. Our Racker team has been hard at work over the holidays and into the New Year to support recovery efforts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |