Rackspace blames ransomware woes on zero-day attack

Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack. Rackspace said "more than half" of its customers who lost their hosted …

  1. Anonymous Coward

    Not us then

    So not our fault then. Nice.

    1. Nate Amsden

      Re: Not us then

      Microsoft would say the same if you use Office 365, backups are the responsibility of the customer.

      https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

      Welcome to cloud.

      (myself I have self hosted email for 24 years, and haven't been responsible for corporate email since 2002; at that point ran email with postfix/cyrus imap, which is what I use for home still)

      1. Anonymous Coward

        Re: Not us then

        Thanks for posting that link - I know it has always been buried in the T&C, but never seen it explicitly set out like that. I've been on self hosted email since about the same time, been a mixed bag of postfix/courier imap, Zimbra, Exchange for a while, then back to Postfix. I worked for an entity providing hosted Zimbra for some years which was interesting (Zimbra's support was superb at the time BTW). I was looking after on-prem Exchange until I retired last year, with far better availability than 365, but it's a losing prospect now; MS are making it clear that they're not putting resources into it any longer with their actions, if not their words.

        1. Nate Amsden

          Re: Not us then

          Sure thing, I didn't know it myself until about a month ago (not my fault as I have never been responsible for Office 365 nor Exchange in my career), I knew there were Office 365 backup solutions out there, and was looking into them a bit more out of curiosity and saw them quote that Microsoft site.

          It's pretty bad that most Office 365 admins don't seem to understand it, and are just assuming MS is invincible and they don't have to worry about backups, at least in my experience seeing people write "you should just move to Office 365", almost never have I seen them also say "oh but you need to keep your own backups too".

          I am not sure if Rackspace had any formal way for customers to take proper backups (aside from Outlook archives).

        2. -v(o.o)v-

          Re: Not us then

          Why would anyone use anything else than dovecot? That's a real question - I don't understand why.

          1. Anonymous Coward

            Re: Not us then

            Simple answer is Activesync - seems like if your setup doesn't support that then a vast number of people aren't interested in it.

  2. Anonymous Coward

    So we've now got to the stage where we have a constant trickle of zero-days in Exchange that seemingly don't affect 365 - almost like MS want people to move off on-prem, isn't it. Hopefully people will take the hint that on-prem Exchange is dead and look at other on-prem solutions rather than rushing to join the sheeple on 365.

    1. Anonymous South African Coward Bronze badge

      We are on 365 - but I urge that people do look at on-prem alternatives, purely because of administration.

      I'm dreading the day when O365 also will get cryptolocked one way or the other, because all it takes is one person and one mistake.

      1. sitta_europea Silver badge

        "... all it takes is one person and one mistake."

        And so, if only for that reason, it's inevitable.

  3. Missing Semicolon Silver badge
    Flame

    Even so....

    Still no freakin' backups.

  4. Tom Paine
    Mushroom

    "Zero day exploit"?

    Captain Pedant here.... Zero Day *vulnerability* - yes, that's a thing. But it makes no sense to use the expression for exploit code for a known vulnerability, presumably to imply that no blame should attach to an org popped by an exploit that hasn't been seen before, even if the vulnerability it attacks was known to the vendor and a fix or patch was available. Poppycock and bafflegab! Sig based IDS, EOR, AV and so on don't only look for the sigs of specific exploit code, but for specific byte sequences that trigger the vulnerability, *whatever* the code that produces it looks like. Polymorphic malware is hardly new! If a patch was available but hadn't been applied, it's the victim who left themselves vulnerable. (OK there's wiggle room because it legit takes time to apply patches to prod systems; though figuring out how many corners to cut to get it done, depending on value of assets, probability of attack, risk if the update goes wrong, etc, is what risk management is for.)

  5. John Brown (no body) Silver badge

    More than 50% have access to some or all of their data

    No one seems to have picked up on that figure yet. Clearly it's not as high as 60%, or they'd have used a higher number in the PR. So it's possibly as low as 50% + 1 user. And they didn't even bother to break down how many have access to ALL of their data, so clearly that's too embarrassing to mention. Access to SOME of their data may not be very useful to many users. Access to MOST of their data might be useful. Too many weasel words and caveats in the PR for my liking.

  6. Anonymous Coward

    ""Less than 5 percent of those customers have actually downloaded the mailboxes we have made available. This indicates to us that many of our customers have data backed up locally, archived, or otherwise do not need the historical data," the beleaguered biz said.""

    Or they don't trust that data enough to import it into their on-prem environment.
