Cloud computing giant Rackspace has confirmed that it has been hit by a ransomware attack that has left a number of its customers without access to email.
Rackspace’s hosted Microsoft Exchange service started experiencing problems on Friday last week. At the time, Rackspace posted a notice on its status page saying that due to a “security incident,” it had “powered down and disconnected” the service. In an update published on Tuesday, Rackspace has confirmed that a ransomware attack is behind the ongoing outage.
“As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the company said in a statement on Tuesday. “We have since determined this suspicious activity was the result of a ransomware incident.”
Rackspace says that the investigation, led by an unnamed cyber defense firm, is in its early stages and that the company has yet to determine “what, if any, data was affected.” The company added that if it determines that sensitive information was affected, it will “notify customers as appropriate.”
When asked by TechCrunch, Rackspace spokesperson Natalie Silva declined to share any more information about the nature of the incident or how the hackers were able to compromise its systems.
However, security researcher Kevin Beaumont believes the incident may involve exploitation of the Microsoft Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082, better known as ProxyNotShell. ProxyNotShell first came to light in August after Vietnamese cybersecurity company GTSC observed it being exploited in the wild. Microsoft confirmed exploitation the following month and linked it to a state-sponsored hacker group.
The issues affecting Rackspace’s hosted Microsoft Exchange service remains ongoing at the time of writing. The company is currently moving its Hosted Exchange customers over to Microsoft 365 to limit disruption.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Rackspace noted that the ransomware incident could result in lost revenue for its hosted exchange business, which generates about $30 million a year. The company added that it could have incremental costs associated with its response to the incident.
