Last Saturday, United Hoster, a hosted Exchange provider from Stuttgart, suffered a ransomware attack. The attack encrypted large parts of the server, predominantly the mail databases, and made the hosted Exchange service unavailable. The provider has informed its customers of the incident and offered them an alternative solution for emails. However, the exact solution remains unclear.
The company immediately took countermeasures, informed the data protection officer, and promptly submitted a report to the competent state data protection supervisory authority. It also filed a criminal complaint with the police and worked closely with the investigating authorities.
According to the spokesperson, the attacker exploited an unknown vulnerability in Microsoft Exchange to gain access to the Exchange Server. The company did not specify which Exchange vulnerability was abused. No ransom demand has been received, which the company sees as further evidence that no data has been leaked.
The company is currently building a new Microsoft Exchange environment to recover the system. However, the provider does not wish to disclose the number of affected customers or mailboxes, stating that this is a trade secret. The timeline for restoring service in the new environment is also unknown.
In the past, Rackspace, a large hosted Exchange provider, suffered a cyber attack and migrated its customers to Microsoft 365 as a quick fix. At that time, some vulnerabilities related to ProxyNotShell were exploited in the intrusion to install the Play ransomware.