Rackspace blames ransomware woes on zero-day attack Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack. Rackspace said "more than half" of its customers who lost their hosted …
Microsoft would say the same if you use Office 365, backups are the responsibility of the customer.
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Welcome to cloud.
(myself I have self hosted email for 24 years, and haven't been responsible for corporate email since 2002 at that point ran email with postfix/cyrus imap which is what I use for home still)
Thanks for posting that link - I know it has always been buried in the T&C, but never seen it explicitly set out like that. I've been on self hosted email since about the same time, been a mixed bag of postfix/courier imap, Zimbra, Exchange for a while, then back to Postfix. I worked for an entity providing hosted Zimbra for some years which was interesting (Zimbra's support was superb at the time BTW). I was looking after on-prem Exchange until I retired last year, with far better availability than 365, but it's a losing prospect now; MS are making it clear that they're not putting resources into it any longer with their actions, if not their words.
sure thing, I didn't know it myself until about a month ago(not my fault as I have never been responsible for Office 365 nor exchange in my career), I knew there were office 365 backup solutions out there, and was looking into them a bit more out of curiosity and saw them quote that Microsoft site.
It's pretty bad that most office 365 admins don't seem to understand it, and are just assuming MS is invincible and they don't have to worry about backups, at least in my experience seeing people write "you should just move to office 365", almost never have I seen them also say "oh but you need to keep your own backups too".
I am not sure if Rackspace had any formal way for customers to take proper backups (aside from outlook archives).
So we've now got to the stage where we have a constant trickle of zero-days in Exchange that seemingly don't affect 365 - almost like MS want people to move off on-prem, isn't it. Hopefully people will take the hint that on-prem Exchange is dead and look at other on-prem solutions rather than rushing to join the sheeple on 365.
Captain Pedant here.... Zero Day *vulnerability* - yes, that's a thing. But it makes no sense to use the expression for exploit code for a known vulnerability, presumably to imply that no blame should attach to an org popped by an exploit that hasn't been seen before, even if the vulnerability it attacks was known to the vendor and a fix or patch was available. Poppycock and bafflegab! Sig based IDS, EOR, AV and so on don't only look for the sigs of doecifuc exploit code, but for specific byte sequences that trigger the vulnerability, *whatever* the code that produces it looks like. Polymorphic malware is hardly new! If a patch was available but hadn't been applied, it's the victim who left themselves vulnerable. (OK there's wiggle room because it legit takes time to apply patches to prod systems; though figuring out how many corners to cut to get it done, depending on value of assets, probability of attack, risk if the update goes wrong, etc, is what risk management is for.)
No one seems to have picked up on that figure yet. Clearly it's not as high as 60%, or they'd have used a higher number in the PR. So it's possibly as low as 50% + 1 user. And they didn't even bother to break down how many have access to ALL of their data, so clearly that's too embarrassing to mention. Access to SOME of their data may not be very useful to many users. Access to MOST of their data might be useful. Too many weasel words and caveats in the PR for my liking.
""Less than 5 percent of those customers have actually downloaded the mailboxes we have made available. This indicates to us that many of our customers have data backed up locally, archived, or otherwise do not need the historical data," the beleaguered biz said.""
Or they don't trust that data enough to import it into their on-prem environment.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
