One of the most disturbing and underreported stories of the past week was the ransomware attack on
Technology, an internet infrastructure company that, among other things, provides hosting services for small and medium-size businesses that rely on
Exchange software for email, calendaring, and contact management.
More than a week ago, Rackspace (ticker: RXT) took its Exchange servers offline, citing what it initially described as only a security incident but later confirmed to be a ransomware attack. As of Thursday—a week after the start of the outage—thousands of its customers were still feeling the effects of the incident. Rackspace advised customers to shift to an alternative version of the software hosted by Microsoft (MSFT) directly, a painful and complex switch that is only a partial fix for the issue; many customers still can’t get to their legacy email records.
Rackspace has been frustratingly closemouthed about the details. Company officials won’t say whether they intend to pay ransom to unlock their servers. They won’t identify the perpetrator or detail the attacker’s demands. They won’t say how much data is at risk or how many customers are affected. And they won’t provide a guess on when the issue will be resolved.
While I remain a big believer in cloud computing, the Rackspace attack is an urgent reminder of the risks in relying on it for mission-critical applications if your provider isn’t keeping up with software patches and paying attention to security risks. Since the incident came to light, Rackspace shares have tumbled by a third. This is a relatively small part of the company’s business, only about $30 million a year in revenue. But the bad blood that Rackspace is generating will leave a lasting stain.
Write to Eric J. Savitz at firstname.lastname@example.org