Customers are struggling at Rackspace. The company is investigating a ransomware attack that led the business to shut down its Hosted Exchange environment.
Rackspace’s Hosted Exchange service, which allows businesses to utilize Microsoft Exchange servers for email, began having issues on Friday, December 2nd. The corporation acknowledged the issues early in the day and informed clients that the Exchange environment had to be taken down owing to a “severe malfunction.”
Rackspace stated on Saturday, over 24 hours after the outage began, that the problems were caused by a “security event.”
Rackspace stated this morning that this was the result of a ransomware attack.
Users have been urged to utilize Microsoft 365 for email services until the problem is fixed. Customers that are affected will be given free access to the service. Rackspace claimed in the most recent report that it had restored email capabilities to thousands of Microsoft 365 users.
“We proactively shut down the environment to avoid any further issues while we continue work to restore service. As we continue to work through the root cause of the issue, we have an alternate solution that will re-activate your ability to send and receive emails.” Rackspace stated on Friday.
Kevin Beaumont, a security researcher, believes the event may have included the exploitation of existing Microsoft Exchange vulnerabilities, notably CVE-2022-41040 and CVE-2022-41082, which are known as ProxyNotShell.
ProxyNotShell was discovered in late September when a Vietnamese cybersecurity firm saw it being used in attacks. As a result, Microsoft acknowledged the exploitation and associated the attacks with a nation-state hacking group.
The IT titan raced to offer mitigations, but experts demonstrated that these could be easily circumvented. Microsoft, on the other hand, only delivered fixes in November.
Beaumont just discovered that a Rackspace Exchange server cluster that is presently down was running a build number dated August 2022. Given that the ProxyNotShell weaknesses were only resolved in November, it’s feasible that threat actors used the holes to compromise Rackspace servers.
What is Ransomware?
Ransomware is a type of malicious software that encrypts a victim’s files. The attackers then demand a ransom from the victim to restore access to the files, often threatening to publish or delete the files if the ransom is not paid. It is a serious threat to individuals and organizations, as it can cause significant financial loss and disrupt critical operations.
How to Protect yourself from Ransomware?
The best way to defend against ransomware is to prevent it from happening in the first place. This can be done by taking the following steps:
- Keep your operating system and software up to date with the latest security patches. This can help prevent attackers from exploiting known vulnerabilities in your system.
- Use a reliable antivirus program and keep it up to date. This can help detect and block ransomware before it can encrypt your files.
- Be cautious when opening email attachments and avoid downloading files from unknown or untrusted sources. Ransomware is often distributed through email attachments or malicious links.
- Regularly back up your important files and keep the backups in a secure location. This way, even if your files are encrypted by ransomware, you will still have copies of them that you can restore.
- Enable the “Show file extensions” option in Windows, so you can see the full file name and extension. Ransomware often uses file names that are similar to legitimate ones, but with a different extension (such as .exe or .vbs) that indicates it is a program.
- Be careful when clicking on links, even if they look legitimate. If you receive an email or a message that asks you to click on a link, hover your mouse over the link to see the full URL before clicking. If the URL looks suspicious, do not click on it.
- Use a pop-up blocker to prevent malicious websites from opening automatically. Some ransomware is distributed through pop-up ads that appear on websites.
By following these steps, you can significantly reduce your risk of falling victim to ransomware. However, it’s important to remember that no defence is foolproof, so it’s always a good idea to be cautious and stay alert for potential threats.
Sharing is Caring!
You are welcome to put this blog article on your website, provided you also append an active link to our website “Source: https://resources.rhyno.io”
For media enquiries, contact us at [email protected].
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.