VFEmail hack destroys nearly 20 years of data

News by Rene Millman

Hackers deleted nearly everything in catastrophic attack that involved reformatting US servers.


Data went from in the cloud to up in smoke (Pic: Jon Feingersh Photography/Getty Images)

US-based email provider VFEmail.net has fallen victim to a cyber-attack by unknown hackers which resulted in the destruction of its entire infrastructure.

The hackers breached servers of the email provider and wiped the data from all its US servers, destroying all US customer data in the process. The attack took place on 11 February.

VFEmail founder Rick Romero wrote on Twitter that the service is "effectively gone".

"It will likely not return. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it," he added.

Romero noticed on Monday that all servers for his email service had gone down. Later, VFEmail’s Twitter account reported that a hacker had "just formatted everything".

The provider subsequently reported on Twitter that it had "caught the perp in the middle of formatting the backup server".

Romero later reported that the attack covered VFEmail’s "entire infrastructure," including mail hosts, virtual machine hosts and an SQL server cluster. He added that the hacker may have had access to multiple passwords. "That’s the scary part," he said.

VFEmail has returned to service and is delivering email, although it is not known whether the service is working for US-based accounts. VFEmail noted that the hackers gave no prior indication of the attack, such as a ransom demand.

"We have suffered catastrophic destruction at the hands of a hacker… This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can," the email provider said in a statement.

Chris Doman, security researcher at AlienVault, told SC Media UK that the email provider is popular with some of the shadier parts of the internet.

"This in itself provides some interesting motivations for why someone might want to wipe all of their data," he said.

He added: "Based on the command executed by the attackers, and shared on Twitter by VFEmail, the attackers used the dd to wipe the systems. It may be possible to restore the files, but it will be harder than if the attackers had simply deleted individual files."

Dr Darren Williams, CEO and founder of BlackFog, told SC that many businesses today completely rely on technology to run their operations and when that technology comes under attack, it can threaten a company’s very existence.

"The rise in major security incidents has certainly urged organisations to reassess their cyber-security strategies in the past 12 months. This attack illustrates that cyber-security defence requires multiple layers of defence which no single solution can provide. Today’s attacks are infinitely more sophisticated and more coordinated than five years – or even one year – ago. Cyber-criminals are focused on stealing data for both corporate espionage and personal attacks. It is crucial that all devices are protected from such loss of data in this new era of cyber-warfare," he said.

Steve Blow, tech evangelist at Zerto, told SC that having an extensive tiered security model as well as appropriate role-based access control can help minimise risks from most attacks.

"Having an air gap to at least some of your backups is another recommended method of minimising the implications of an attack like this, whilst ensuring the data protection tool(s) you are using have an appropriate configuration from a security and isolation standpoint is also key," he said. 
