Article Details

Rackspace racks up $12M bill in ransomware raid recovery. And that's not counting the incoming lawsuits. Rackspace's costs from last year's ransomware infection continue to mount: the cloud hosting biz told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have reached $12 million – so far. The extortionware raid on the IT provider, initially described as a "security incident," hit Rackspace's hosted Microsoft Exchange on December 2, 2022, shutting down email services to thousands of customers, most of whom were small and mid-sized businesses. Four days later, the corporation determined that a ransomware infection was responsible for the email meltdown, which lasted into January. Rackspace ultimately blamed the Play crew for the intrusion, and said the miscreants broke in after exploiting CVE-2022-41080, a critical Exchange privilege escalation bug, before Microsoft could issue a fix. In its most recent 10-Q quarterly report to the SEC, Rackspace said it racked up $5.1 million in ransomware-related expenses between April and September 30, 2023. These costs included investigation, remediation, legal and other expenses tied to the security snafu. Also during this nine-month period, Rackspace received $5.4 million in insurance payouts. However, per the 10-Q, the ongoing lawsuits filed in response to the email disruption may mean an even bigger financial hit: We are named in several lawsuits in connection with the December 2022 ransomware incident which caused service disruptions on our Hosted Exchange email business. The pending lawsuits seek, among other things, equitable and compensatory relief…at this early stage in the proceedings, we are not able to determine the probability of the outcome of these matters or a range of reasonably expected losses, if any. Rackspace declined to comment on its ransomware-related losses and legal battles. "Rackspace Technology does not disclose any information regarding pending litigation other than what may be required in connection with our SEC filings," a spokesperson told The Register. In an earlier quarterly expense report, Rackspace told the SEC that it had spent $6.6 million in ransomware-related costs. This brings the total spent to date to $11.7 million.