Hackers hit VFEmail, wipe US servers and backups
Unknown attackers have breached the servers of VFEmail and have wiped disks on every one of its US-based servers, the email provider has confirmed.
At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provider were intact, and service should be up there.
— VFEmail.net (@VFEmail) February 11, 2019
About VFEmail
VFEmail was started in 2001 by Rick Romero, with the intention of providing secure, private email services to companies and end users.
In the last few years, the service has been repeatedly targeted with DDoS attacks. Some were mounted in an attempt to extort money from the owner, others for no apparent reason.
This latest attack seemingly falls into the latter category.
What is known about the attack?
Romero says that he “caught the perp in the middle of formatting the backup server” and that the attack came from 94.155.49.9, an IP address assigned to a Bulgarian hosting company.
“Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,” he added.
VFEmail was made temporarily unavailable by the hack, but service has been restored and incoming mail is being delivered. The main website and the webmail client are back online.
“At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost,” Romero prominently warned on the VFEmail main page.
It is unclear at this time if the wiped information can be recovered.
This is all I can do at this time. I will need to get into the datacenter to see if the one file server I caught during formatting can be recovered. If it can, we can restore mail, but most of the infrastructure is lost.
— VFEmail.net (@VFEmail) February 11, 2019
Those who have lost years of emails are now left waiting for some good news. It doesn’t look good, though: Romero told Brian Krebs that he doesn’t have very high expectations of getting any US data back.
This attack may not turn out to be as catastrophic to VFEmail as the similar one that effectively destroyed cloud code hosting service Code Spaces in 2014, but there’s no doubt that it will have a considerable negative impact on both the service and its users.