Hackers hit VFEmail, wipe US servers and backups

Unknown attackers have breached the servers of VFEmail and have wiped disks on every one of its US-based servers, the email provider has confirmed.

About VFEmail

VFEmail was started in 2001 by Rick Romero, with the intention of providing secure, private email services to companies and end users.

In the last few years, the service has been repeatedly targeted with DDoS attacks. Some were mounted in an attempt to extort money from the owner, others for no apparent reason.

This latest attack seemingly falls into the latter category.

What is known about the attack?

Romero says that he “caught the perp in the middle of formatting the backup server” and that the attack came from 94.155.49.9, an IP address assigned to a Bulgarian hosting company.

“Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,” he added.

VFEmail was made temporarily unavailable by the hack, but service has been restored and incoming mail is being delivered. The main website and the webmail client are back online.

“At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost,” Romero prominently warned on the VFEmail main page.

It is unclear at this time if the wiped information can be recovered.

Those who have lost years of emails are now left waiting for some good news. It doesn’t look good, though: Romero told Brian Krebs that he doesn’t have very high expectations of getting any US data back.

This attack may not turn out to be as catastrophic to VFEmail as the similar one that effectively destroyed cloud code hosting service Code Spaces in 2014, but there’s no doubt that it will have a considerable negative impact on both the service and its users.