Cloud company Rackpace Technology recently completed its investigation into the December 2022 ransomware attack that left thousands of customers worldwide without access to their data.
The attack was one of many that made 2022 one of the worst years, if not the worst, on record for ransomware attacks. An annual SpyCloud survey found that 90% of organizations were impacted by ransomware in 2022, up from 2021’s 72.5%.
The hackers, affiliated with the ransomware gang known as Play, were able to access Rackspace customer data by attacking a small percentage of its Hosted Exchange customers. The attack struck the cloud provider’s Hosted Exchange environment, forcing Rackspace to shut down the service and migrate customers to Microsoft 365.
The ransomware attack has led to at least two lawsuits being filed against the Texas-based company. Rackspace has been criticized over its initial response to the attack, which took several days. Rather than apply a patch for the vulnerability, security teams at Rackspace chose to mitigate it.
The hackers used a new method to penetrate the cloud computing company’s hosted Microsoft Exchange network, leaving its customers without access to their email, contacts and calendars.
Rackspace has reported that the hackers gained access to the personal data of 27 customers, including PST files which are typically used to store backup and archived copies of emails, calendar events and contacts from Exchange accounts and email inboxes.
This recent attack is just one of many that highlights the risks of ransomware. Here are a few highlights of findings from the ThreatLabz 2022 Ransomware Report:
- Ransomware attacks increased by 80% year-over-year
- Nearly one in five ransomware attacks target manufacturing businesses, making the industry the most targeted for the second year in a row.
- Healthcare (650% increase) and Restaurant and Food Service (450%) industries saw the biggest growth of ransomware attacks over 2021.
- Supply chain ransomware attacks are multiplying damages and allowing attackers to bypass traditional security controls.
Ransomware attacks can cause a trickle down effect as cybercriminals take advantage of customer vulnerability, targeting them for other scams such as phishing. Rackspace officials issued an alert to customers after the ransomware incident, warning them that phishing incidents may be on the rise. They were advised to be wary of emails sent from spoofed email addresses, as well as messages requesting login credentials or personal details, which would not be asked by official Rackspace support. Identity theft protection software can help thwart such attacks, but individual computer users still need to be cautious of any potential phishing threats.
Ransomware is not going away any time soon and predictions for 2023 from cyber security experts are looking bleak. While companies are ramping up cybersecurity, criminals are becoming more sophisticated.
