VFEmail Suffers Disastrous Cyberattack with Permanent Loss of Customers Email Data

The email provider VFEmail has suffered a cyberattack that has caused “disastrous destruction.” A hacker with a Bulgarian IP address gained access to its U.S. servers and formatted them; destroying all data in its primary and standby systems. The attack began in the morning of February 11, 2019.

VFEmail issued a statement saying that all disks on its U.S. servers were formatted and all of its virtual machines, mail servers, and backup servers lost.

The firm is presently attempting to recover as much data as possible, but it doubts that all user data saved on its U.S. servers have most likely been everlastingly lost. All users have been informed not to reconnect their local mail customers as this would likely lead to all local copies of emails and email attachments also being lost.

The attack was found while it was in progress but not in time to avoid the loss of most of the firm’s infrastructure. The attacker had begun formatting VFEmail servers in the Netherlands when the attacker was found and stopped. In that instance, user data could be recovered from a standby server which survived the attack, although it is presently unclear how much of the user data on the server can be restored.

As per VFEmail, the attack did not seem to be financially inspired. No ransom demand was issued, and no prior threats were received. The attack seemed to be exclusively about disruption. “This was more than a multi-password via ssh exploit, and there was no ransom. Simply attack and destroy.” 

This attack clearly shows the significance of sound backup tactics, which include making several backup copies with at least one copy saved securely on a device completely separate from production data and not accessible over the Internet. The business did use off-site backup servers, but they were linked to the Internet.

It is presently unclear how access to the business’s server was gained. Several data centers were affected by the attack and not all of the affected servers required the same verification identifications. What is clear is that in spite of the fact that VFEmail publicized its email service as safe, not all vulnerabilities had been tackled. The business’s backup processes have also been questioned as it should not have been possible for all user data to have been deleted – Email data going back about 18 years is thought to have been permanently lost.

As per one business user in Florida, over 60,000 sent and received emails from more than 10 years were permanently lost.

Incoming mail is now being distributed, but it is seeming likely that VFEmail might not be able to recover from the attack. To recover would mean completely rebuilding from scratch and rewriting a substantial amount of custom code.

As for the reason for the attack, it is pure assumption presently. It has been proposed that there might have been some data in emails that a person or group desired to be permanently removed. If that proves to be the case, the attackers seem to have succeeded.