November 16, 2023 at 04:28PM
Rackspace has revealed that its expenses from a ransomware attack last year have now reached $12 million. The attack, initially described as a security incident, disrupted email services for thousands of customers. Rackspace attributed the intrusion to the Play crew, who exploited a critical Exchange bug. The company incurred costs for investigation, remediation, legal fees, and other expenses. Ongoing lawsuits related to the incident may result in further financial implications.
According to meeting notes, Rackspace has incurred a total of $12 million in expenses as a result of a ransomware infection last year. The attack, initially referred to as a “security incident,” affected Rackspace’s hosted Microsoft Exchange, causing email disruptions for thousands of customers, mostly small and mid-sized businesses. It was later determined that the ransomware attack was responsible for the email meltdown, and Rackspace attributed the intrusion to the Play crew, who exploited a critical Exchange privilege escalation vulnerability (CVE-2022-41080) before Microsoft could provide a fix.
In their recent 10-Q quarterly report to the SEC, Rackspace disclosed that they incurred $5.1 million in expenses related to the ransomware incident between April and September 30, 2023. These expenses cover investigation, remediation, legal fees, and other costs associated with the security incident. Additionally, Rackspace received $5.4 million in insurance payouts during the same period.
However, the ongoing lawsuits resulting from the email disruption may result in further financial implications for Rackspace. The company declined to comment on the exact losses and legal battles in progress, stating that they only disclose information about pending litigation as required in their SEC filings.
In a previous quarterly expense report, Rackspace stated that they had already spent $6.6 million on ransomware-related costs. As a result, the total amount spent so far on the incident stands at $11.7 million.