If you’re a user of the VFEmail secure email provider, you most certainly have seen the following alert posted on the website:
www.vfemail.net and mail.vfemail.net are currently unavailable in their prior form.
We have suffered catastrophic destruction at the hands of a hacker, last seen as firstname.lastname@example.org
This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.
What Happened to VFEmail?
Apparently, hackers were able to destroy the email provider’s entire U.S. data including backups. The reason for the hack is unknown. According to the company’s founder, 18 years’ worth of customer email may be wiped out for good.
VFEmail was founded in 20o1, based in Milwaukee, Wisconsin. VFEmail provides email service to both businesses and end users.
On the morning of February 11 it became evident that something was not right – VFEmal’s Twitter account started receiving reports from users who said they were no longer receiving messages.
Two hours later, the company said in a tweet that it had detected an intruder while formatting one of the mail servers in the Netherlands.
At this time, the attacker has formatted all the disks on every server. Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy, VFEmail said.
It also appears that the attacker was doing the hack from a server based in Bulgaria.
It’s not clear how or whether VFEmail will ever recover from the destructive attack that wiped out all its U.S. data. The terrible hack however serves as a reminder that no one is safe, and that privileged access to a network can be fatal to a business and its customers.