Rackspace Technology continued efforts to move customers over to Microsoft 365 after a Dec. 2 ransomware incident disrupted service for thousands of businesses that accessed email through the company’s Hosted Exchange environment.
Rackspace on Friday said more than two-thirds of Hosted Exchange customers were able to access email. All customers who reached out to the company had been transitioned over to Microsoft 365.
Rackspace said Hosted Exchange represents about 1% of the company’s annual revenue and is comprised of mainly small and medium-sized business, according to a filing with the Securities and Exchange Commission. No other Rackspace platforms or services were impacted.
“Our information security team had strong incident response protocols in place that led to the quick containment of the ransomware attack,” Josh Prewitt, chief product officer at Rackspace, said in the filing. “We invest time and resources in cybersecurity — we take our processes and procedures very seriously around cyberthreats.”
The company also said in the filing that it maintains cybersecurity insurance commensurate with the size of the business and is confident in its ability to absorb potential financial costs associated with the ransomware incident.
In a Sunday update, Rackspace said its team of surged staffers, along with Microsoft FastTrack teams, were working to support the remaining Hosted Exchange customers move to Microsoft 365. Wait times were running less than 30 minutes, according to Rackspace.
A video tutorial is still available to help customers with the transition.
CrowdStrike is working with Rackspace to investigate the ransomware attack and remediate the incident, according to Rackspace officials. CrowdStrike has confirmed the ransomware attack was limited to the Hosted Exchange environment, according to Rackspace.
Temporary solutions were still available to allow Hosted Exchange customers to have mail forwarded to an external email address, while awaiting Microsoft 365 access.
Rackspace is working with one of its partners Barracuda to make sure email archiving was still available. Despite the ransomware incident, the archiving service is working normally, Rackspace said.
Rackpace reminded customers to look out for unauthorized actors pretending to be from Rackspace. Rackspace emails only use the @rackspace domain name without special characters or numbers.
Also during phone interactions, Rackspace will not ask for login credentials, social security numbers or driver’s license information.