Rackspace Sunsets Email Service Downed in Ransomware Attack

Published: 23/11/2024   Category: security




The hosting services provider shared new details on the breach that took down its Hosted Exchange Email service.



Rackspace has completed its forensic investigation into the Dec. 2 ransomware attack that took down its Hosted Exchange Email service, and announced that it will discontinue that offering and transition it to cloud-based Microsoft 365.
The company said it has no plans to rebuild the hosted Exchange server environment, which has been down since the attack, and that it already had been on track to migrate to 365 before the ransomware incident.
Rackspace had decided not to apply Microsoft's ProxyNotShell patch to its Exchange Servers amid concerns over reports that the software update caused authentication errors that the company feared could take down its servers. Instead, it stuck with Microsoft's recommended mitigations for the vulnerabilities to thwart a ProxyNotShell attack.
That strategy fell apart, as the Play ransomware group was able to bypass Microsoft's mitigations with a new exploit abusing the CVE-2022-41080 vulnerability that breached Rackspace's Hosted Exchange systems.
Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable, Rackspace noted in a post today.
According to the managed cloud hosting services company, the attackers grabbed the Personal Storage Tables (PSTs) of 27 of its roughly 30,000 Hosted Exchange customers, but there is no evidence the Play hackers ever viewed or distributed the pilfered information.
"Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor," the company said. "As a reminder, no other Rackspace products, platforms, solutions, or businesses were affected or experienced downtime due to this incident."
Meanwhile, the email data recovery efforts remain underway for its Hosted Exchange customers, with more than half of impacted customers regaining access to some or all of their data. Recovered data is available for download via the customer portal, the company said, adding that it plans to offer an on-demand option for customers who want to access their data that way.
"However, less than 5% of those customers have actually downloaded the mailboxes we have made available," Rackspace asserted in its post. "This indicates to us that many of our customers have data backed up locally, archived, or otherwise do not need the historical data."
Rackspace said it's proactively contacting customers for which it has recovered more than half of their mailboxes.
"To check if your historical email data is available, please follow Step 2 on our Data Recovery Resources page and see if your mailbox is ready to download," the company said in its post, which provides additional resources as well.
