Rackspace identifies hacking group responsible for early December ransomware attack
A hacking group called “Play” was responsible for the early December ransomware attack against local cloud-computing company Rackspace, according to a company representative.
The Rackspace representative said the cybersecurity firm CrowdStrike assisted Rackspace’s investigation into the attack on the company’s Hosted Exchange platform.
The attack left tens of thousands of users without access to their emails and spawned multiple class-action lawsuits against the company over what plaintiffs said was its failure to secure its systems and user data.
CrowdStrike’s investigation found that the hacking group used a previously unknown zero-day exploit to gain access to Rackspace’s systems.
While it was still unclear whether any user data was exposed as a result of the attack, a Rackspace spokesperson said the company would release more information next week, following the conclusion of the investigation.
Class-action lawsuits against the company involve accusations that Rackspace failed to secure its systems, failed to secure user data, and failed to inform customers of the security breach in a timely manner, causing a disruption in business activity.
While most Hosted Exchange users have been unable to access their emails, the spokesperson said some users with more than 50% of their inboxes recovered had become able to download that data.
The spokesperson also said Rackspace expects to recover data for the vast majority of its users, but did not say how much data could be recovered.
The company offered customers the option to transfer to Microsoft 365 for free as the investigation continues. Rackspace’s stock price has fallen by nearly 40% since the beginning of December.