The recent ransomware attack on Rackspace was carried out by a financially motivated threat actor. Service disruptions knocked thousands of its Hosted Exchange customers offline.

Rackspace hasn’t released any further information about the attacker.

Earlier this week, Rackspace warned of the likelihood of phishing attacks exploiting the ransomware attack.

“In situations like these, it’s common for scammers and cybercriminals to try to take advantage,” a Rackspace spokesperson said. “We currently have no evidence to suggest that customers are at increased risk as a result of this direct contact. However, we have reminded all of our customers of best practices around to keep their accounts safe.”

Rackspace is continuing to reach out to customers to provide support in migrating to Microsoft 365. More more than three quarters of its customers on the Hosted Exchange email environment are already back on email.

“There are important ways that customers can distinguish legitimate ‘Racker’ outreach from unauthorized individuals claiming to be Rackers,” the spokesperson said.

Customers shouldn’t open any suspicious email attachments. They also shouldn’t click on any suspicious links, and ensure they recognize the sender and the email domain.

“In addition, we continue to recommend that customers stay vigilant, change their passwords frequently, utilize different passwords across their personal and professional accounts, and monitor their banking account statements and credit report for suspicious activity,” it said.

Rackspace Finalizing Ransomware Investigation

In its latest update, Rackspace said it’s working with CrowdStrike, other cybersecurity experts and federal authorities to finalize the investigation into the attack as expeditiously as possible.

“This investigation is in the process of concluding, and we look forward to sharing more information with our customers,” it said. “We appreciate your patience as we conclude these important investigations. It is critical that we do verify and present confirmed facts, rather than speculation.”