At the beginning of December, US cloud provider Rackspace was hit by a ransomware attack that crippled its Hosted Exchange environment, meaning that thousands of its customers can no longer access the provider’s Hosted Exchange services.
In this blog post, we explain why failure of the Hosted Exchange environment has had such serious repercussions for Rackspace’s cloud-service customers, and how they can protect themselves against incidents like these in the future.
- The Rackspace Ransomware Attack and its Repercussions
- Email Archiving: an Important Pillar of a Company’s Cyber Resilience Strategy
- Migration of Affected Customers to Microsoft 365
- Takeaways of the Rackspace Ransomware Attack
The Rackspace Ransomware Attack and its Repercussions
A ransomware attack has crippled Rackspace’s Hosted Exchange environments, with the result that thousands of its customers can no longer access their data (especially email data) stored on Rackspace’s Hosted Exchange server. It’s not yet clear when Rackspace’s Hosted Exchange environment will be up and running again.
Because emails are still the most important means of communication for many companies and often contain large amounts of business-critical information, a lack of access to these data can paralyze a business, with serious repercussions for company earnings. Both in-house communication and communications with customers and partners (for orders, contracts, and payments, etc.), even searching through old emails and file attachments, become impossible.
“The incident shows once again that emails are not automatically secure in the cloud. Companies need to take responsibility for their own data – regardless of whether the information is stored on-premises or with a cloud services provider. Any information contained in emails can become inaccessible from one moment to the next – not only as a result of a cyber-attack, but also through accidental deletion or server failure,” commented Roland Latzel, Senior Director of Marketing at MailStore.
Although cloud providers are responsible for ensuring that their services are permanently available, responsibility for protecting the data being managed in the provider’s cloud services lies with the customer. This is known as the shared responsibility model.
Email Archiving: an Important Pillar of a Company’s Cyber Resilience Strategy
In light of this shared responsibility, the increasing use of cloud services and the steady rise in the number of cyber-attacks have prompted many companies to take precautions to ensure that business remains sustainable in an emergency, or at least that operations can be resumed as soon as possible. The risk of relevant systems failing and data being lost must be avoided or minimized as far as possible (the buzzword here is business continuity). Realistically, it’s not so much a question of if as when a company is going to be hit by a cyber-attack.
The processes and activities defined as part of these precautions are incorporated in what is known as a cyber-resilience strategy that takes into account as many of the risks that could potentially result in the failure of important systems and the loss of business-critical data.
In the specific case of Rackspace, affected customers using an independent, professional email archiving solution can still access their email data even if Rackspace’s Hosted Exchange server is currently out of reach. A professional email archiving solution stores faithful copies of a company’s entire email stock in a central, provider-independent archive, irrespective of whether these mails are spread throughout the company on users’ PCs (e.g. as PST files) or located on individual or shared mailboxes on the mail server. It’s also possible to have a company’s emails archived directly the moment they are sent or received (known as journaling). Since the archive remains available even if the cloud platform fails, a full-scale interruption of business is avoided. Even if emails cannot be recovered within the cloud service following an event such as this, they will still be accessible and recoverable via the archive. Protecting email data over time can help with regulatory compliance, too.
Migration of Affected Customers to Microsoft 365
In the wake of the attack, Rackspace has begun migrating affected customers to Microsoft 365 to ensure the availability of email services. To date, thousands of customers and tens of thousands of users have been migrated to Microsoft 365. If you’re considering migrating to Microsoft 365 yourself, a professional email archiving solution can be an important aid here too. Click here to find all the information you need to migrate from Microsoft Exchange Server to Microsoft 365.
Takeaways of the Rackspace Ransomware Attack
The ransomware attack on Rackspace shows once again that emails are at risk in the event of system failure. Clean backups are a minimum requirement. But backups alone cannot guarantee the integrity of a company’s entire email inventory, and this is where the archiving of business emails plays a supplementary role. The unscheduled failure of a cloud provider’s systems will likely impact a customer’s business activities severely, with additional potential repercussions such as loss of reputation. To ensure business continuity in cases such as these, a cyber-resilience strategy needs to be developed beforehand. As part of this strategy, a professional email archiving solution can help maintain access to a company’s complete email inventory even if the cloud platform fails, so that business-relevant information can continue to be used.