Instead of financial gain or other, more usual, goals, the attacker leaves ‘scorched digital earth’ behind
An unknown attacker has wrought rare havoc on email service provider VFEmail, wiping out all of the company’s data stored in the United States, according to an announcement on the firm’s website.
Describing the incident as “catastrophic”, the company said that the intruder had destroyed not only the primary data on the firm’s US servers, but also all backups. The onslaught thrashed 18 years’ worth of user data and backups of a company that has provided both free and paid email services for businesses and end users alike. That, of course, means countless email messages sent and received by its users over the years.
The attack on the Wisconsin-based company is believed to have unfolded over several hours on Monday. Shortly after users began to complain that something was amiss, VFEmail acknowledged the attack at its entire US-based infrastructure.
“At this time, the attacker has formatted all the disks on every server. Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost,” VFEmail tweeted later, assessing the damage.
Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.
— VFEmail.net (@VFEmail) February 11, 2019
In addition, the attacker zoomed in on the company’s resources in the Netherlands. There, as reported by security journalist Brian Krebs, VFEmail “caught a hacker in the act of formatting one of the company’s mail servers”.
The primary data in the Netherlands was also destroyed but, as per CNET, at least some of the backups were salvaged. However, “[i]t’s nowhere near a full restore,” wrote the site, quoting VFEmail owner Rick Romero.
In the meantime, the site is said to have restored the ability to deliver and send email at least for a portion of its users. VFEmail wrote that they continue to work on recovering whatever user data can be recovered.
That said, Romero painted a grim picture on his personal Twitter account: “Yes, @VFEmail is effectively gone. It will likely not return,” he intimated.
Krebs noted the service’s past troubles with cybercriminals. Over the years, VFEmail has mainly faced multiple debilitating distributed denial-of-service (DDoS) attacks, including those involving extortion attempts. However, none of those or other attacks has resulted in what is apparently an irretrievable data loss.