After being hit with a ransomware attack at the end of 2022, Rackspace is now faced with fronting the cost of the cleanup, as well as legal fees, which at present have amounted to $10.8 million.
The attack, which occurred in December 2022, disrupted email service for thousands of the customers of the managed cloud hosting services company, which are mostly small-to-midsize businesses. The ransomware attack came in the form of a zero-day exploit against a server-side request forgery vulnerability within the Microsoft Exchange server at the hands of Play ransomware group. The vulnerability — known as CVE-2022-41080 — was patched by Microsoft a month before the attack.
In a US filing, the company noted how the expenditures largely go to "costs to investigate and remediate, legal and other professional services, and supplemental staff resources that were deployed to provide support to customers."