View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
February 13, 2019

“Catastrophic Destruction”: Hacker Takes a Match to Email Provider

“I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.”

By CBR Staff Writer, a US-based email provider, has effectively been destroyed by a single cyberattack on Monday night, with the company – which was founded in 2001 – suffering what it described as “catastrophic destruction”.

The company issued warnings to their customers that “data in the US, both primary and backup systems,” has been completely wiped from servers after a hacker formatted all the disks on every server. That’s 18 years of emails gone.

VFEmail caught the hacker as they were in the process of formatting the backup server, but couldn’t respond fast enough with the company informing its users via Twitter that: “Every VM is lost. Every file server is lost, every backup server is lost.”

The data wipe was so bad that users who had both paid and free accounts no longer have existing mailboxes, as these were destroyed in the wipe and new mailboxes are only created once they receive a new email. The delivery mechanism that enabled free account holders to send mail no longer exist so that entire functionality is gone.

The hacker was “last seen as aktv@” they said. No demands were made prior to the attack, the company said. VFEmail has previously faced extortion attempts from “script kiddies” the Armada Collective and was kicked off its data centre after declining to pay a ransom to stop DDoS attacks in 2015. (Founder Rick Romero blogged about the incident here).

VFEMail Hack:  Service “Effectively Gone”

“Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy,” VFEmail wrote.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

VFEmail founder Rick Romero has taken to Twitter to confirm users worst fears that VFEmail is ‘effectively gone’. The founder is understandably dismayed at the turn of events stating that: “I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”

Dan Sloshberg cyber resilience expert at Mimecast commented to Computer Business Review: “This disastrous attack on VFEmail is a clear reminder to all organisations about the importance of third-party backups and email archives. They are a valuable, compliance-sensitive asset and a primary record of business communication.”

“Many IT teams are unaware of the data recovery gaps with cloud providers and assume they are covered for all types of data loss or corruption. Outsourcing a critical business service like email requires businesses to plan for the near-inevitable security breach, hardware failure or human error.”

See Also: RATs and Business Email Compromise Attacks on the Rise

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.