VFEmail has announced that it has suffered a debilitating cyber attack which saw nearly all of its data compromised.
VFEmail, an email provider, said in a statement that all of its virtual machines, mail servers, and backup servers were lost. VFEmail investigators estimated that almost two decades’ worth of data was lost in the attack, which the organisation described as “catastrophic”.
On February 11, a hacker with a Bulgarian IP address gained access to VFEmail’s U.S. servers and formatted them, thereby destroying all data in its primary and backup systems. VFEmail stated that the hacker formatted all disks on its U.S. servers in the attack.
Investigators and IT professionals are working to recover the lost data. However, it is likely that all user data stored on its U.S. servers has been permanently lost.
“Yes, @VFEmail is effectively gone,” VFEmail founder Rick Romero posted on Twitter shortly after the attack. “It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”
VFEmail has recommended that users should not attempt to reconnect their local mail clients as this would likely result in all local copies of emails and email attachments also being lost.
VFEmail discovered the attack while it was still in progress, but could do nothing to prevent the significant damage done to its infrastructure. The attacker had started formatting VFEmail servers in the Netherlands when the attacker was traced and stopped. User data stored in the Netherlands was recovered from a backup server which survived the attack, although it is currently unclear how much of the user data on the server can be restored.
According to VFEmail, the hacker did not seem to want to profit from the attack. The organisation did not receive a ransom demand, and before the attack, it had not received any threats. The hacker’s only goal was to destroy VFEmail’s infrastructure. VFEmail stated: “This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”
This attack demonstrates the importance of sound backup strategies, which include making multiple backup copies with at least one copy stored securely on a device entirely separate from production data and not accessible over the Internet. The company did use off-site backup servers; however, as these were connected to the Internet, they were not immune to attack.
Investigators have yet to ascertain how the hacker gained access to company servers. The hacker targeted multiple data centres, and not all of the affected servers required the same authentication credentials.
VFEmail advertised its email service as secure; however, this attack shows that its researchers had not addressed all vulnerabilities present in the system. The company’s backup procedures have also been questioned, as it should not have been possible for all user data to have been erased.
According to one business user in Florida, more than 60,000 sent and received emails from over 10 years were permanently lost.
Incoming mail is now being delivered, but it looks likely that VFEmail may not be able to recover from the attack.