“I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”
VFEmail.net, a US-based email provider, has effectively been destroyed by a single cyberattack on Monday night, with the company – which was founded in 2001 – suffering what it described as “catastrophic destruction”.
The company issued warnings to their customers that “data in the US, both primary and backup systems,” has been completely wiped from servers after a hacker formatted all the disks on every server. That’s 18 years of emails gone.
VFEmail caught the hacker as they were in the process of formatting the backup server, but couldn’t respond fast enough with the company informing its users via Twitter that: “Every VM is lost. Every file server is lost, every backup server is lost.”
At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provideer were intact, and service should be up there.
— VFEmail.net (@VFEmail) February 11, 2019
The data wipe was so bad that users who had both paid and free accounts no longer have existing mailboxes, as these were destroyed in the wipe and new mailboxes are only created once they receive a new email. The delivery mechanism that enabled free account holders to send mail no longer exist so that entire functionality is gone.
The hacker was “last seen as firstname.lastname@example.org” they said. No demands were made prior to the attack, the company said. VFEmail has previously faced extortion attempts from “script kiddies” the Armada Collective and was kicked off its data centre after declining to pay a ransom to stop DDoS attacks in 2015. (Founder Rick Romero blogged about the incident here).
VFEMail Hack: Service “Effectively Gone”
“Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,” VFEmail wrote.
VFEmail founder Rick Romero has taken to Twitter to confirm users worst fears that VFEmail is ‘effectively gone’. The founder is understandably dismayed at the turn of events stating that: “I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”
Dan Sloshberg cyber resilience expert at Mimecast commented to Computer Business Review: “This disastrous attack on VFEmail is a clear reminder to all organisations about the importance of third-party backups and email archives. They are a valuable, compliance-sensitive asset and a primary record of business communication.”
“Many IT teams are unaware of the data recovery gaps with cloud providers and assume they are covered for all types of data loss or corruption. Outsourcing a critical business service like email requires businesses to plan for the near-inevitable security breach, hardware failure or human error.”