The recent ransomware attack on Rackspace Technology has highlighted the importance of good cybersecurity practices. On December 2, 2022, Rackspace, a major cloud computing company, was hit with a ransomware attack on its managed email services. It is believed that the attack initially took advantage of the ProxyNotShell vulnerability in Microsoft Exchange. The attack was carried out by a relatively newer ransomware group known as PLAY, and it is believed that they were financially motivated. The forensic investigation determined that the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers. The exploit of the Rackspace environment highlighted a new critical remote code execution vulnerability in Exchange Server, which was initially patched back in November 2022. To protect against similar attacks, organizations should implement best practice security recommendations. This includes patching, securing remote access, and increasing password security. Patching is a vital aspect of preventing a ransomware attack, as attackers often use unpatched vulnerabilities to attack critical systems and launch ransomware attacks. Organizations should also strengthen the security of remote access systems, ensuring these are fully patched, and users must use strong passwords for authentication along with multi-factor authentication. Additionally, organizations should use tools like Specops Password Policy to improve password security for Active Directory accounts and protect against breached and weak passwords. By taking these steps, organizations can protect themselves from ransomware attacks and the fallout that can result from them.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Feb 2023 15:59:02 +0000