Texas-based cloud computing service provider Rackspace has suffered a massive outage of its hosted Microsoft Exchange environment due to a security incident. Initially, a large number of users around the world experienced login and connection issues. Later, on December 6, 2022, it was revealed that it was a ransomware attack that isolated part of the hosted Exchange environment.
Since Friday, December 2, 2022, thousands of Rackspace Hosted Exchange users have been struggling with email issues, which in turn has hindered many people’s business operations. After customers, primarily small and medium-sized businesses, reported connectivity and login issues, the company clarified that the ransomware attack was limited to Exchange and had no impact on Rackspace’s email service. It is unclear whether customer or employee data was compromised. “Our investigation is still in the early stages and it’s too early to tell what data, if any, was affected. If we determine that sensitive data was affected, we will notify our customers accordingly,” Rackspace said. Rackspace said it has restored services to thousands of customers by migrating them to Microsoft 365 with Microsoft Exchange Plan 1 licenses. The company is also offering email forwarding to affected customers and said it is working with a cyber defense firm to investigate the incident and restore services to remaining customers.
Security researcher Kevin Beaumont has reason to believe the Rackspace ransomware attack was carried out through the ProxyNotShell vulnerabilities recently discovered in Microsoft Exchange. ProxyNotShell includes a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server, tracked as CVE-2022-41040.
The Causes Of Ransomware Attacks In General:
- Phishing emails: By far the most common vector for any malware, but especially ransomware, is phishing emails. Users accidentally click on a malicious link or download something they should not have. Shortly after this mistake, all files within the organization may be encrypted.
- Low user awareness: If users within the organization are not educated on basic security threats, this provides multiple opportunities for malicious actors to penetrate your organization’s systems and encrypt files. Some of the more security-minded companies also offer incentives for security compliance. After all, a small bonus is less expensive than a full-blown breach.
The Consequences Of The Ransomware Attack:
Ransomware is a type of malware that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid.
Enterprises experience downtime due to ransomware attacks. In this case, downtime means a period in which a company operates at less than 100% productivity or suffers significant business disruption. Attacks also damage brand reputation. It is now common knowledge that cyber attackers find additional vulnerabilities when they first attack a company’s IT systems and are more likely to exploit them if they know the company is willing to pay large ransoms.
What You Can Do To Protect Your Business From Rackspace Ransomware:
There are some things business owners can do to protect themselves from ransomware attacks. The FBI’s IC3 found that most ransomware attacks primarily use three attack vectors: software vulnerabilities, phishing emails and remote desktop exploitation.
- Make sure all your software is up to date and that you have a good antivirus program installed.
- Create backups of your data and keep them in a safe place.
- Conduct regular security training for all employees explaining what ransomware is and how to protect against it. Your employees should especially know about phishing emails, and you can test their security awareness with regular phishing tests.
- If your business does not require remote access software like Remote Desktop Protocol, disable it. If you need this software to work remotely, secure it with multi-level authentication and create a unique, strong password.
- Finally, if you get infected with ransomware, do not pay the ransom. There is no guarantee that you will get your data back even if you pay the ransom.
How ParadigmIT Cyber Secures You From Ransomware:
- One of the biggest causes of ransomware is low user awareness; our company provides technical awareness and training exercises.
- We provide an Endpoint Detection and Response (EDR) tool that collects, records, and stores large volumes of data from endpoint activities to provide security professionals with the comprehensive visibility they need to detect, investigate, and mitigate advanced cyber threats.
For further clarifications or support, please write to contact@paradigmitcyber.com