Eight months after the cyberattack, the cloud hosting services company's remediation costs top $10 million as it tries to repair the damage caused by the Play ransomware gang.

Dark Reading Staff, Dark Reading

August 29, 2023

1 Min Read
An image of multiple hundred-dollar bills
Source: Pixabay

After being hit with a ransomware attack at the end of 2022, Rackspace is now faced with fronting the cost of the cleanup, as well as legal fees, which at present have amounted to $10.8 million

The attack, which occurred in December 2022, disrupted email service for thousands of the customers of the managed cloud hosting services company, which are mostly small-to-midsize businesses. The ransomware attack came in the form of a zero-day exploit against a server-side request forgery vulnerability within the Microsoft Exchange server at the hands of Play ransomware group. The vulnerability — known as CVE-2022-41080 — was patched by Microsoft a month before the attack.

In a US filing, the company noted how the expenditures largely go to "costs to investigate and remediate, legal and other professional services, and supplemental staff resources that were deployed to provide support to customers." 

In addition to those costs, Rackspace has been named in multiple lawsuits due to the ransomware attack, many of which are seeking compensation via monetary funds, among other things. 

Rackspace expects a significant amount of the costs to be reimbursed by cyber-insurance companies. It has not noted whether or not it paid the initial ransom request. 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights