December 20, 2022
Today, as we rush to remember our friends, family and colleagues with cards, gifts or a simple phone call, some Rackspace customers are being forced to deal with ransomware chaos. A gap in cyber resilience means victims and their vendors are having to scramble. Rackspace ransomware ruined holiday cheer this year.
You may be aware of the ransomware breach two weeks ago at Rackspace (NASDAQ: RXT). You may not know of the dramatic impact it’s having this holiday season on businesses that depend on Rackspace’s Hosted Exchange (read details here). Rackspace hasn’t gotten much done since, promising desperate clients at year end that data recovery will start “soon.” They’ve tapped CrowdStrike to deploy Endpoint Detection & Response (EDR) tools. They’ve sent a small army to spread holiday cheer. These happy elves will conduct a mountain of recovery-focused services to make up for a massive cybersecurity oversight.
Here’s a blurb of the process underway while clients desperately wait for full restoration:
Every device required “significant attention to examine and process it,” which the company said took a long time. “Following the manual removal of malicious files and additional scans to validate that each server was clean, we then released the servers with Falcon deployed on them into a clean environment and tagged them as ready for the next phase of the process.” The company then recovered the data on the process, and handed them over to CrowdStrike to validate.
“After the servers are cleared for extraction, Rackspace has created automation that opens the exchange database files and reviews the details of each individual PST file, then correlates it to a customer account,” the company said. “The correlated files are then routed to a staging environment, from which data will be extracted and released to customers by account.”
Rackspace warned that it could not promise that every PST file would be recoverable, as some of the files may corrupt.
Cyber insurers are increasingly demanding that EDR solutions be in place to qualify for coverage. They also want certified, regular testing and tabletop exercises performed that demonstrate resilience to these breaches. Hosting companies, MSPs and IT companies supporting Rackspace services are now swamped helping clients. They’re spending up to 8 hrs/client to help them restore email services. These services are not being provided by Rackspace. These are Microsoft 365 instances being resold inside a Rackspace sales portal. Worse, it’s still not working properly for many. The shit-show that is support has no handle on full recovery timelines, or on whether full recovery is even possible.
Let TEKRiSQ help you with these things if you’re not already secured. Happy Holidays.