    Rackspace warns of phishing risks following ransomware attack

    Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

    While the company is still investigating the incident and is working on bringing affected systems back online, it says that cybercriminals might also take advantage and exploit this incident for their own purposes.

    “If you do receive a message from an individual you do not recognize, do not reply. Please login to your control panel and create a ticket, including details about the message you received,” Rackspace said.

    “We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact.”

    Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

    • Emails from Rackspace will be sent from @rackspace.com addresses (although attackers might still use a spoofed email address and redirect their targets to a phishing landing page)
    • Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver’s license) during phone calls

    Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

    Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack.

    Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

    No details on attackers’ identity and their activity during the breach

    Rackspace has not provided details on the attackers’ identity and what data they could access or exfiltrate during the incident (if any) since it confirmed the ransomware attack behind the ongoing Hosted Exchange outage.

    However, it did say that the investigation, conducted by its internal security team with the help of a cyber defense firm, is in its early stages with no info on “what, if any, data was affected.”

    The cloud service provider added that it would notify customers if it found evidence that the threat actors gained access to their sensitive information.

    The company also revealed in a press release and an 8-K report filed with the U.S. Securities and Exchange Commission on Tuesday that, due to the ransomware attack's impact, it's expecting a loss of revenue for its Hosted Exchange business, which generates roughly $30 million in annual revenue.

    “In addition, Rackspace Technology may have incremental costs associated with its response to the incident,” Rackspace added.

    Rackspace is also facing several class-action lawsuits for failing to disclose that the Hosted Exchange “security incident” was a ransomware attack, for its failure to protect the customers’ data, and for the impact the email service outage had on their businesses.

    With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

