More than two weeks after Rackspace's Hosted Exchange dramatically collapsed, the company has said that data recovery will start soon.

The outage was caused by a ransomware attack, with the company turning to cybersecurity company CrowdStrike to help with recovery.

Crash test dummy outage
– Sebastian Moss

"Our systems were restored in an isolated environment," the company said in its most recent statement, at 08:55 PM EST on December 18.

"Once they were restored, our experts installed Falcon, CrowdStrike's endpoint detection and monitoring tool, onto every impacted server for enhanced visibility across the environment."

Every device required "significant attention to examine and process it," which the company said took a long time. "Following the manual removal of malicious files and additional scans to validate that each server was clean, we then released the servers with Falcon deployed on them into a clean environment and tagged them as ready for the next phase of the process."

The company then recovered the data on the process, and handed them over to CrowdStrike to validate.

"After the servers are cleared for extraction, Rackspace has created automation that opens the exchange database files and reviews the details of each individual PST file, then correlates it to a customer account," the company said. "The correlated files are then routed to a staging environment, from which data will be extracted and released to customers by account."

Rackspace warned that it could not promise that every PST file would be recoverable, as some of the files may corrupt.

"As this process continues to progress, we look forward to initiating data recovery for each customer by distributing PST files to them through their secure customer portal," Rackspace said.

It will notify customers "in the coming days" via the secure control panel.

Subscribe to our daily newsletters