Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime
Rackspace Warns of Phishing Attempts Post-Ransomware
Class Action Lawsuit Filed Against Rackspace for NegligenceHosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment.
See Also: Gartner Guide for Digital Forensics and Incident Response
Texas-based Rackspace experienced a disruption in its Microsoft email service servers that it at first described as a "security incident" (see: Rackspace Hosted Exchange Still Offline Over Security Issue).
Later, the company said in an update that it now believes the "suspicious activity was the result of a ransomware incident." The company is currently engaged with cybersecurity firm CrowdStrike to investigate and put remediation measures in place, it said in a Friday update.
"Due to swift action on the Company's part in disconnecting its network and following its incident response plans, CrowdStrike has confirmed the incident was quickly contained and limited solely to the Hosted Exchange Email business," the company said.
Rackspace did not disclose any particular ransomware actor and it says the incident has not affected Rackspace's other services.
Texas-based Rackspace is among the world's largest managed cloud providers, counting more than 300,000 customers worldwide, including two-thirds of the world's 100 largest publicly traded businesses.
In a filing with the Securities and Exchange Commission, the company said the ongoing service disruption will likely create a financial loss for its Hosted Exchange business, which generated approximately $30 million annually in revenue.
Phishing Attacks
Rackspace warns about scammers and cybercriminals who may take advantage of the current situation by pretending to be the support staff of Rackspace offering help in transitioning to Microsoft 365 and getting your email back up and running.
"Emails from Rackspace will only have the domain name @rackspace.com without any special characters or numbers and phone interactions with Rackspace support will not include requests for login credentials, or personal information such as Social Security number or driver's license," the company says.
The company also shared a list of best practices, including changing passwords in regular intervals, using different passwords across personal and professional accounts and monitoring banking account statements and credit reports for suspicious activity.
Apart from staying vigilant, the company also recommends:
- Do not open any suspicious email attachments.
- Do not click on any suspicious links.
- Ensure that you recognize the sender and the email domain. Scammers will often try to mask emails to make them look legitimate. Be wary of suspicious emails, including those with typos or claims of "urgent request."
- Do not respond to a message from an individual you do not recognize. Log in to your control panel and create a ticket, including details about the message you received.
Class Action Lawsuit
California-based law firm Cole and Van Note last week announced that it is filing a "class action lawsuit against Rackspace Technology, Inc. for negligence and related violations arising out of the email hosting provider's recent high-profile data breach."
"Rackspace offering opaque updates for days, then admitting to a ransomware event without further customer assistance is outrageous," says Scott Cole, the principal attorney on the case. "Despite hundreds of data breaches every year in this country, I am receiving reports of vulnerabilities in Rackspace's hosting environment that go back over a year."
Cole also said the lawsuit is critical sue to the seeming lack of backup protocols the company had in place.
In addition to monetary damages, the suit also demands that Rackspace Technology implement and maintain sufficient security protocols going forward so as to prevent future attacks.