Rackspace blames ransomware attack for massive server outages

Rackspace Technology, one of the largest cloud and email hosting providers in the U.S., said Tuesday a ransomware attack is to blame for a massive outage that's kept some customers out of their email inboxes since Friday.

Why it matters: The crisis provides a window into the hidden world of email hosting, where clients entrust their deepest electronic secrets to third-party cloud providers for storage and protection.

• Potentially accessed data on Rackspace's servers could include archived email messages and contact lists.

The big picture: The ransomware attack has Rackspace scrambling to get some of its hosting services back online and left customers without access to their email inboxes over the weekend.

• Kevin Beaumont, a security researcher and former Microsoft employee, estimated in a recent blog post that thousands of small-to-medium-sized businesses are affected by the outage. A handful of customers — from investment firms to waste management facilities — are sharing on LinkedIn that their emails are still down due to the incident.
• Rackspace spokesperson Natalie Silva declined to say how many customers have been affected.
• Rackspace said in an SEC filing Tuesday the attack "may result in a loss of revenue" for its $30 million Hosted Exchange business, as well as other "incremental costs."

Details: Rackspace said Tuesday it has hired a "leading cyber defense firm" to investigate the attack, but the company is "unable to provide a timeline for restoration."

• The company hasn't disclosed how hackers gained access to its systems, who is behind the attack or how much data they were able to access before deploying the ransomware.
• Rackspace has isolated the affected servers and is recommending that affected customers transfer their email servers to a Microsoft 365 cloud-based account, which "can be challenging," the company said.
• Customers can also set up email forwarding to an external email address for new, incoming emails while they set up a Microsoft 365 account, Rackspace said.

Between the lines: While Rackspace has promised to help customers set up and configure Microsoft 365 accounts, customers have been flooding social media since the outage about a lack of communication from the company and unanswered support tickets.

• Stephanie Atkinson, CEO of Compass Intelligence and a 17-year Rackspace customer, told Axios she still doesn't know if her emails, contact lists or calendar are safe from hackers' reach. She chose to leave Rackspace for GoDaddy earlier this week.
• "There's no way I'm going to get into the chat or 800-number queue because I'm seeing just nightmare four-or-five hours and then people get hung up on," Atkinson said of Rackspace's support operations.
• Another anonymous customer told Axios they feel like they're being "held hostage" and would rather Rackspace focus on bringing servers back online instead of pushing upgrades to Microsoft 365 accounts. The customer says they now have seven Exchange platforms with email data that they're worried about.

What they're saying: Silva, the Rackspace spokesperson, told Axios the company has added "surge capacity" to the support team to help with long wait times, and the company is "partnering with our industry partners to add hundreds of additional resources to our extended team."

Sign up for Axios’ cybersecurity newsletter Codebook here.