Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Rackspace criticized for PR response to ransomware attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

This was supposed to be Rackspace Technology Inc.’s holiday season before launching into a rebuilding year.

CEO Amar Maletira last month told shareholders that the San Antonio-based cloud-computing company would kick-start its new strategy to reorganize its public and private business units starting Jan. 1.

“I know we need to rebuild our credibility as a team,” he said. “We intend to build a track record of meeting and beating expectations.”

But any efforts to rebuild credibility were undermined when Rackspace, the largest tech company in San Antonio, was hit by a ransomware attack on Dec. 2, leaving thousands of customers worldwide without access to data including archived email, contacts and calendar items.

The fallout from the incident put the company through a crisis public relations and customer service test that many say it failed.


‘Confident in our strategy’: Rackspace CEO optimistic for success of company’s reorganization

Rackspace provided numerous status updates on its corporate
and social media accounts, and it said it cooperated with the FBI, cyber experts and Austin-based cybersecurity firm CrowdStrike to
a “financially motivated threat actor.”

But while they acknowledged customer complaints over how its handled troubleshooting, they have remained tight-lipped about the attack and attempts to restore data.

And although some customers say they understand why Rackspace must remain cautious about sharing information amid the ongoing investigation and pending class-action lawsuits, they are frustrated with what they consider being left in the dark about security concerns and whether they will ever regain access to their data.

“Rackspace is not being very transparent with us, and we can’t access, in my case, six years of historic emails,” said Mike Kuczskowski, CEO of New York-based communications strategy firm Orangefiery. “I’d like to know when I can. My team would like to know when we could.”

Speed vs. accuracy

During the first interview since the attack, Rackspace executives and an outside adviser praised the company for “a really quick response” that included bringing in CrowdStrike and taking down its hosted Exchange email system.

The adviser, who spoke on a condition of anonymity, said they were impressed that the company had been cautious about disseminating information and being “very careful about making sure that we could confirm that it was in fact a small blast radius and contained to a small group.”

Often, they said, companies in such crises are hasty in making public statements that they later need to correct because they didn’t have sufficient facts at the time.

Rackspace Chief Product Officer Josh Prewitt said he has seen the criticisms of the company’s response and communication on social media but that the need for accuracy in the information it released had to outweigh the desire for more of it.

“We don’t want to walk back anything that we said, like so many other companies have had to do,” he said. “So it was important to us that we get it right and everything that we share is accurate and not speculation.”

Typically, communication experts say that companies responding to crises should share accurate information with shareholders and the media as swiftly as possible. A key goal is to get and stay ahead of social media rumor mills in order to prevent them from driving the narrative.

“You want to share information with the people who are affected, offer them advice on what you know, what they can do or what the company can do to help protect their credit or personal information in the future,” said Jonathan Gurwitz, a partner at
KGBTexas, a marketing and advertising company in San Antonio.

Communicating in crisis

Certain aspects of ransomware attacks and other forms of cybercrimes can alter communication strategies. For example, while Gurwitz advises clients to cooperate with federal, state and local law enforcement, he noted that doing so often results in companies being limited to what they can share about digital attacks.

“It’s frequently the case in ransomware situations where the actor creates an incentive for the target company not to cooperate or not to report for law enforcement,” he said.

The FBI defines ransomware as a form of malicious software — or malware — that encrypts data on a computer, making it unusable. A cyber criminal holds the data hostage until a ransom is paid. The FBI advises against paying a ransom, since doing so does not guarantee the criminals will restore access to the data. Even after getting what they want, they often destroy the data or release it to the public.

High-profile ransomware cases include attacks on the Colonial Pipeline system and on the food processing company JBS. In 2021, Judson Independent School District
$547,045 to keep “identifiable information” from being published online after being hit with a ransomware attack that shut down phones, computers and email, and compromised personal information.

Overall, the FBI last year received more than 3,700 complaints identified as ransomware with losses of $49.2 million, according to the federal agency’s Internet Crime Report in 2021. Still, federal agencies
that about a quarter of ransomware attacks go unreported.


Rackspace says ‘known ransomware group’ is behind attack on servers; still working to retrieve data

During ransomware attacks, communication experts say they also work closely with a client’s legal team and insurance companies to ensure its response does not create a liability. Rackspace says it has insurance covering cyberattacks.

Companies with cybersecurity insurance — a relatively new and evolving product — that invoke their policies are generally beholden to act in accordance with their policies’ terms and digital experts’ guidelines.

“That often drives what companies can share on the communications side,” Gurwitz said.

Experts say that cyberattacks create a lot of uncertainty for clients who judge companies on their competency, transparency and respect.

“The most damaging reputational concern you should have is being wrong in an incident and saying something where you have to correct yourself because then your credibility is damaged through the rest of the response,” said Erik Moser,
managing director
of cyber risk at Kroll, a corporate investigation and consulting company in New York. “If you’re wrong about one thing, your audience loses trust in everything else you say,” he said.

The first 72 hours of a ransomware attack are critical. During that time, affected companies must provide “proactive initial messaging to impacted audiences,” according to a Kroll document outlining how to respond to a cyber incident, as well as “internal guidance to employees to support customers” and “updates as services change.”

“In those uncertain times, try to take care of your audiences, your stakeholders,” Moser said. “Give them solutions that they need to do what they can do and build on those dimensions. Try not to overstate what you don’t know.”

Customer experience

Kuczskowski, the Rackspace customer, is a trustee of the
Institute for Public Relations, a nonprofit group. He also worked for more than a decade at communications giant
Edelman, leading public relations for HP in the wake of its nearly $9 billion write-down after it determined that Autonomy, which HP had acquired for about $11 billion, had misrepresented its finances.

Kuczskowski remembers waking up Dec. 2 and finding that he couldn’t access his emails. He saw that Rackspace
on Twitter that it was “investigating connectivity & login issues” for its Exchange system. Rackspace occasionally had outages, he recalled thinking to himself, but he found the company “fairly reliable” in terms of keeping its system running.

Then, early the next morning, he read the company’s tweet that
it had “determined that this is a security incident,” had called on more than 1,000 “Rackers” from around the globe to help assist customers through email and over the phone, and would help clients restore email services through Microsoft 365.

To Kuczskowski, the message seemed to focus more on highlighting Rackspace’s efforts than explaining what was wrong.

“They had a lot of self-congratulatory messaging that they were putting in the system status updates,” he said.


Rackspace’s reputation taking a hit as response to ransomware attack falls short of customers’ hopes

It took nearly four days — till Dec. 6 — for Rackspace to announce on its
and Twitter that it had “determined that the isolated disruption is the result of ransomware and our security team is working with a lead cyber defense firm to investigate.”

Since then, customers, a mix of tech-savvy clients and others who are new to the cloud, have stormed social media to complain about spending hours waiting for customer service to respond to their questions and difficulty understanding the instructions for moving their accounts to another server to access new emails.

On Dec. 10, Rackspace posted tweets calling itself a “customer-first organization.” The company suggested that its clients reach out to its staff for support and offered a video tutorial on how to migrate to Microsoft 365.

“Alright, well I’ve been on hold for 1 hr, 4 minutes. And this is after the helpdesk called me back. Good night,” Kuckowski
in response that evening.

Kuczkowski said he already owned the Microsoft product, so he added Exchange to the software himself. It was cheaper to get it directly from Microsoft than to join through Rackspace. He has not stopped his Rackspace service altogether, mainly because he still hopes to get access to his past emails and data.

“Eventually, I will be a former Rackspace customer,” he said.

‘Fanatical experience’

In the days following the ransomware attack, Rackspace underwent a “rapid, rapid rush” to train people to answer questions and help customers migrate to Microsoft 365, change their domain name system — or DNS — and set up local devices, Prewitt said.

“The customer experience is paramount, and being able to deliver on a fanatical experience for customers is the most important thing,” he said. “And so, I hate that we saw queue times that were as long as we did.”

For many users, however, the company’s stated commitment to customer service rang untrue.

Málaga Smith, president of California-based
Communications Team, said there was “zero support” on Rackspace’s online chat widget meant to enable customers to navigate help topics.

“Reading their PR has been a real experience — so far from the truth,” Smith said, later adding: “The most disturbing thing for me is their use of technical terms, and how they’ve written their PR.”

From her perspective, Smith was put off by Rackspace seeming to inflate the extent to which it helped customers.

She noted that Rackspace pointed out migrating customers to Microsoft 365 “when all they did was open new accounts for them on a new platform.” She has switched her DNS temporarily to another provider to forward emails or create temporary website accounts.

“The way they wrote it, anyone who isn’t familiar with their products or isn’t technical would think there is progress, but sending and receiving email on a new account isn’t rocket science,” she said. “Getting the lost data back is the real issue. It’s what’s hurting businesses still.”

As for Kuczkowski, he believes the starting point for any effective crisis response is to know what happened. There are a set of facts. Does Rackspace have its arms around those facts yet? Is it at risk of disclosing facts they might have to walk back?

“If you stick to the facts, that’s not going to be much of an issue, but you might face vulnerabilities from a litigation perspective and you might face some insurance problems,” he said. “But that’s a red flag to me since the facts should guide your response.”

For now, he is not “white-knuckling” on his keyboard.

“I think I’d use the term comically bad,” he said. “My whole business is built on communications. To have something like this hit my service provider and to experience this sort of self-congratulatory, ‘We have gotten thousands of customers up and running on Microsoft 365’ message when I can’t get a call back from a help desk ticket.”


Click Here For The Original Source.

National Cyber Security